Your act as if the stupid ass syntax/ limited rust is the magic bullet. Guys, everyone is hackable. Everything is hackable. No matter what fricking programming language you're using.
https://github.com/Speykious/cve-rs
The only real reason rust even exists is to give sub-par developers a chance to develop software which at its optimum is similarly as fast as the software written in C++, Since most rust developers would not be able to even use one hundredth of the features of a language as complex as C++. That's why they need a compiler holding their fricking androgynous hands.
You're likely running code on your machine written by sub-par developers. You want them to be using Rust. People running your code don't know if you're sub-par or not. They want you to be using Rust.
>That shit isn't hackable
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust
this meme language is no better or worse than c. it's as if you delusional child sex offenders think we get a different kind of internet than you do. somehow we're unable to look up CVEs posted on a regular? keep coping, Black person.
If you mean something inherent to the language design then RAII behavior can cause surprises in unsafe code. Normally you don't have to think very hard about when temporary values are destroyed because the compiler will let you know if it's too early, but with raw pointers you lose that promise and need to adjust your habits. See https://flak.tedunangst.com/post/comparative-unsafety and https://arxiv.org/pdf/2003.03296.pdf#section.5
The fact that aliasing &mut references are immediate UB (that compiler optimizations actually take advantage of) can also be a problem. Some unsafe code that should "obviously" work is unsound.
I don't know if these have ever escalated to actual hacks.
Post production rust applications and I'll consneed
There are a lot at this point, e.g.
https://github.com/cloudflare/pingora
https://source.android.com/docs/setup/build/rust/building-rust-modules/overview (used in e.g. the bluetooth stack)
https://dropbox.tech/infrastructure/rewriting-the-heart-of-our-sync-engine
https://firecracker-microvm.github.io/
Don’t fall for it frens, >bad design
is xher loophole to automatically wave away any valid response with >you’re holding it wrong
ALL security issues are ultimately bad design issues
> delusional troony pedophile cope thread > still doesn't understand how computers work
ah yes, the future of programming is safe in the hands of corporate wiener suckers that barely understand how a computer operates. well done, troony.
these delusional trannies keep trying to bend other's shit to their will. apparently they will be unable to use singletons later this year because its ((unsafe))? good luck getting any shit done lmfao
Static variables are safe.
To make a static variable mutable you can do two things:
- Add some sort of synchronization (a mutex, atomics, etcetera), to deal with thread safety and reentrancy
- Use `static mut`, which requires unsafe {} to access
It's easy to mess up usage of `static mut`, so they're considering deprecating it in favor of using UnsafeCell, which goes through raw pointers and makes it easier to think about what you're doing. This has all the same capabilities with a different API.
This would only take effect on projects that opt into the 2024 edition and it's not very hard to switch. (And if you don't opt into the 2024 edition you may miss out on on a few bits of new syntax but you can still use most new features.)
tl;dr somebody misread a blog post
They just have to find a vulnerability in rust and they'll have an exploit for literally every device. Unironically this would be a dream come true for them.
>They just have to find a vulnerability in rust and they'll have an exploit for literally every device. Unironically this would be a dream come true for them.
They already found hundreds of vulnerabilities in C but C shills say it's user error. If they find any kind of vulnerability in Rust, Rust people would fix it.
Memory bugs aren't easy to exploit anymore thanks to mitigations built into CPUs and OSes.
Most exploited vulnerabilities these days are dumb logic errors made by shitty programmers.
What's the deal with the Microsoft and Google statistics where the most damage is done by memory bugs? Why do security researches spend so much time on memory bugs?
They didn't say most damage was done by memory bugs. They said most of the bugs they found were memory-related but cause they're low-hanging fruits.
There's almost no new CVE scored above 8.5 that's caused by memory corruption.
What's the deal with the Microsoft and Google statistics where the most damage is done by memory bugs? Why do security researches spend so much time on memory bugs?
As a reference, Heartbleed which is one of the most famous memory bugs in the last 10 years only scored 7.5 because it's not that exploitable.
https://nvd.nist.gov/vuln/detail/cve-2014-0160
Meanwhile, you get a serious RCE exploit from software written in "safe languages" with automatic memory management like every month.
1 month ago
Anonymous
Thats actually super interesting.. its not often you find good advice on a mongolian basket weaving forum
https://www.chromium.org/Home/chromium-security/memory-safety/ >The Chromium project finds that around 70% of our serious security bugs are memory safety problems.
So that's already filtered for severity. Though Microsoft's own 70% statistic does seem to be across all CVEs.
But yeah, I guess I buy that most exploits in general are for far stupider reasons. The average piece of software is not very much like Chromium.
Your act as if the stupid ass syntax/ limited rust is the magic bullet. Guys, everyone is hackable. Everything is hackable. No matter what fricking programming language you're using.
https://github.com/Speykious/cve-rs
The only real reason rust even exists is to give sub-par developers a chance to develop software which at its optimum is similarly as fast as the software written in C++, Since most rust developers would not be able to even use one hundredth of the features of a language as complex as C++. That's why they need a compiler holding their fricking androgynous hands.
I don't get it. I'm not mentally ill so I don't know rust. Does this mean rust segaults?
Rust is a degen dev's 1st choice
I'm just confused because the guy who made this is a gay and there are troony commenters all speaking in irony.
You're likely running code on your machine written by sub-par developers. You want them to be using Rust. People running your code don't know if you're sub-par or not. They want you to be using Rust.
I'd rather run jeetcode than trooncode
You're likely running both
One of these days I'll program a microcontroller as a dedicated shitposting unit so I can exclusively run chudcode
Why are you spamming a very out of the way typechecking bug? That shit isn't hackable
Just talk about logic bugs, that would actually make your case
>That shit isn't hackable
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust
this meme language is no better or worse than c. it's as if you delusional child sex offenders think we get a different kind of internet than you do. somehow we're unable to look up CVEs posted on a regular? keep coping, Black person.
it's actually even worse than c when working in unsafe context
What do you think "that shit" meant? Please read carefully
Post examples of Rust hacks which aren't social engineering or bad design. Post hacks due to the language.
Post production rust applications and I'll consneed
If you mean something inherent to the language design then RAII behavior can cause surprises in unsafe code. Normally you don't have to think very hard about when temporary values are destroyed because the compiler will let you know if it's too early, but with raw pointers you lose that promise and need to adjust your habits. See https://flak.tedunangst.com/post/comparative-unsafety and https://arxiv.org/pdf/2003.03296.pdf#section.5
The fact that aliasing &mut references are immediate UB (that compiler optimizations actually take advantage of) can also be a problem. Some unsafe code that should "obviously" work is unsound.
I don't know if these have ever escalated to actual hacks.
There are a lot at this point, e.g.
https://github.com/cloudflare/pingora
https://source.android.com/docs/setup/build/rust/building-rust-modules/overview (used in e.g. the bluetooth stack)
https://dropbox.tech/infrastructure/rewriting-the-heart-of-our-sync-engine
https://firecracker-microvm.github.io/
Don’t fall for it frens,
>bad design
is xher loophole to automatically wave away any valid response with
>you’re holding it wrong
ALL security issues are ultimately bad design issues
>nocoder opinion
lmao what is it with nocoder neet gays and their obsession with C and C++ ? You're a walking LLM trained on IQfy and /misc/ memes.
I don't like transfolk because I can't breed
While this is true, you also don't want to pay alimony. You don't want to get child cucked by a stupid b***h.
Be careful out there bro.
> delusional troony pedophile cope thread
> still doesn't understand how computers work
ah yes, the future of programming is safe in the hands of corporate wiener suckers that barely understand how a computer operates. well done, troony.
https://github.com/libsdl-org/SDL/issues/9377
these delusional trannies keep trying to bend other's shit to their will. apparently they will be unable to use singletons later this year because its ((unsafe))? good luck getting any shit done lmfao
wait, what?
>remove static vars
why would they wanna do that?
and whats the plan then?
put everything in globals?
and what about code that used that feature?
Static variables are safe.
To make a static variable mutable you can do two things:
- Add some sort of synchronization (a mutex, atomics, etcetera), to deal with thread safety and reentrancy
- Use `static mut`, which requires unsafe {} to access
It's easy to mess up usage of `static mut`, so they're considering deprecating it in favor of using UnsafeCell, which goes through raw pointers and makes it easier to think about what you're doing. This has all the same capabilities with a different API.
This would only take effect on projects that opt into the 2024 edition and it's not very hard to switch. (And if you don't opt into the 2024 edition you may miss out on on a few bits of new syntax but you can still use most new features.)
tl;dr somebody misread a blog post
lmao why can't rust programmers just write their own alternative to SDL?
They'll get new surfaces due to libraries constantly being outdated.
The issue with Rust, or really any language with parametric polymorphism is that it isn't really possible to use dynamic linking of libraries.
They just have to find a vulnerability in rust and they'll have an exploit for literally every device. Unironically this would be a dream come true for them.
What kind of vulnerability could break open everything? Even libc vulnerabilities tend to be situational
>They just have to find a vulnerability in rust and they'll have an exploit for literally every device. Unironically this would be a dream come true for them.
They already found hundreds of vulnerabilities in C but C shills say it's user error. If they find any kind of vulnerability in Rust, Rust people would fix it.
Why does C's perfection make rust trannies seethe?
Who’s doing buffer overflows anymore really it’s 2024 lmao
homies be playing CTF and think the real-world software are like that.
The same thing they are doing now: Social Engineering.
Memory bugs aren't easy to exploit anymore thanks to mitigations built into CPUs and OSes.
Most exploited vulnerabilities these days are dumb logic errors made by shitty programmers.
What's the deal with the Microsoft and Google statistics where the most damage is done by memory bugs? Why do security researches spend so much time on memory bugs?
They didn't say most damage was done by memory bugs. They said most of the bugs they found were memory-related but cause they're low-hanging fruits.
There's almost no new CVE scored above 8.5 that's caused by memory corruption.
As a reference, Heartbleed which is one of the most famous memory bugs in the last 10 years only scored 7.5 because it's not that exploitable.
https://nvd.nist.gov/vuln/detail/cve-2014-0160
Meanwhile, you get a serious RCE exploit from software written in "safe languages" with automatic memory management like every month.
Thats actually super interesting.. its not often you find good advice on a mongolian basket weaving forum
https://www.chromium.org/Home/chromium-security/memory-safety/
>The Chromium project finds that around 70% of our serious security bugs are memory safety problems.
So that's already filtered for severity. Though Microsoft's own 70% statistic does seem to be across all CVEs.
But yeah, I guess I buy that most exploits in general are for far stupider reasons. The average piece of software is not very much like Chromium.
Use the same backdoor the Feds use.
hack LLVM
So basically there will be no reason to use reverse engineering and look for kernel exploits once the trannies takeover.