From: Alan Somers
Date: Thu, 5 Sep 2024 12:09:18 -0600
Subject: The Case for Rust (in any system)
To: FreeBSD Hackers
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

By now I expect that most of you have seen the long list of new security advisories that just came out. Strikingly, all were the result of memory handling errors. And none of them would have happened if their respective programs had been written in a memory-safe language. In fact, of all the C bug fixes that I've been involved with (as either author or reviewer) since May, about three quarters could've been avoided just by using a better language.

The real takeaway here is that C is no longer sufficient for writing high quality code in the 2020s. Everyone needs to adapt their tools. Programmers who don't will increasingly come to resemble experimental archaeologists, i.e. people who learn flintknapping to "keep the knowledge alive". Such people are valuable, but definitely niche. I for one don't want my career to go in that trajectory.

To summarize, here's the list of this week's security advisories, and also some other recent C bug fixes of my own involvement:

Buffer overflow
===============
https://cgit.freebsd.org/src/commit/?id=3aaaca1b51ad844ef9e9b3d945217ab3dd189bae CVE-2024-45288 FreeBSD-SA-24:09.libnv
https://cgit.freebsd.org/src/commit/?id=a06fc21e770a482c8915411ebc98c870e42dd29b CVE-2024-41928 FreeBSD-SA-24:10.bhyve
https://cgit.freebsd.org/src/commit/?id=af438acbfde3d25dbdc82b2b3d72380f0191e9d9 CVE-2024-42416 FreeBSD-SA-24:11.ctl
https://cgit.freebsd.org/src/commit/?id=db87c98168b1605f067d283fa36a710369c3849d FreeBSD-SA-24:11.ctl
https://cgit.freebsd.org/src/commit/?id=5c9308a4130858598c76f3ae6e3e3dfb41ccfe68 CVE-2024-32668 FreeBSD-SA-24:12.bhyve

Integer overflow
================
https://cgit.freebsd.org/src/commit/?id=36fa90dbde0060aacb5677d0b113ee168e839071 CVE-2024-45287 FreeBSD-SA-24:09.libnv
https://cgit.freebsd.org/src/commit/?id=c3e6dfe55c0e81d0717b0458bc95128384c3ebe8 FreeBSD-SA-24:14.umtx

Use after free
==============
https://cgit.freebsd.org/src/commit/?id=670b582db6cb827a8760df942ed8af0020a0b4d0 CVE-2024-45063 FreeBSD-SA-24:11.ctl
https://cgit.freebsd.org/src/commit/?id=62f40433ab47ad4a9694a22a0313d57661502ca1 CVE-2024-43102 FreeBSD-SA-24:14.umtx

Uninitialized memory access
===========================
https://cgit.freebsd.org/src/commit/?id=ea44766b78d639d3a89afd5302ec6feffaade813 CVE-2024-8178 FreeBSD-SA-24:11.ctl
https://cgit.freebsd.org/src/commit/?id=0f2b2276abc305905e7d88619a7abca26b0dd7eb

Memory Leaks
============
https://cgit.freebsd.org/src/commit/?id=2909ddd17cb4d750852dc04128e584f93f8c5058

Incorrect union member access
=============================
https://cgit.freebsd.org/src/commit/?id=9a5a7c90d5e5971fe2b9c9265e9279a6f173a8f3 CVE-2024-6119 FreeBSD-SA-24:13.openssl

Concurrent unsynchronized memory access
=======================================
https://cgit.freebsd.org/src/commit/?id=1f5bf91a85e93afa17bc9c03fe7fade0852da046

RAII
====
https://cgit.freebsd.org/src/commit/?id=4b3141f5d5373989598f9447ab5a9f87e2d1c9fb

Unchecked errors [^1]
=====================
https://cgit.freebsd.org/src/commit/?id=35f4984343229545881a324a00cdbb3980d675ce
https://cgit.freebsd.org/src/commit/?id=eced2e2f1e56b54753702da52a88fccbe73b3dcb
https://cgit.freebsd.org/src/commit/?id=f625d038d2ae59fa1ae81b76079da464ed6db61a

Not preventable by a safer programming language
===============================================
https://cgit.freebsd.org/src/commit/?id=7d6932d20aedbbb220cd78e90ab4e82d1abaad31
https://cgit.freebsd.org/src/commit/?id=6efba04df3f8c77b9b12f1df3e5124a7249b82fc
https://cgit.freebsd.org/src/commit/?id=4b72bab96e8978eaed30fd44f7f51e1b4918d4db
https://cgit.freebsd.org/src/commit/?id=b64afa41d56e98b5817aaf14c7deb0fa7e2142fb

[^1]: while not memory-safety bugs, Rust's lints actually make ignoring errors like this pretty difficult. So I consider these bugs to have been preventable.
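As an added illustration of the bug classes the message above groups its advisories under (example code added here; it is not from the post, from any of the linked commits, or from FreeBSD), the Rust parser below reads a constructed length-prefixed wire format and shows how a buffer overflow, an integer overflow and an unchecked error each become a compile-time warning or an Err value rather than memory corruption. The wire format, the type ParseError, the constant HEADER_LEN and the functions needed_bytes and parse_records are all this example's own assumptions.

```rust
// Added example (not part of the original post): a length-prefixed record
// parser written so that three of the bug classes listed above (buffer
// overflow, integer overflow, unchecked errors) surface as warnings or
// Err values instead of memory corruption.
// Constructed wire format assumed by this example:
//   [u16 BE record count] then, per record, [u16 BE length][length bytes]

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// The buffer ended before a declared length could be satisfied.
    Truncated,
    /// A size computation would have wrapped around.
    Overflow,
}

/// Header size in bytes for the constructed wire format above.
pub const HEADER_LEN: u32 = 2;

/// Total bytes needed for `count` records of `each` payload bytes.
/// In C, `2 + count * (2 + each)` on 32-bit integers silently wraps and can
/// drive an undersized allocation; here every step is checked and the wrap
/// becomes `Err(Overflow)` (the "integer overflow" class above).
pub fn needed_bytes(count: u32, each: u32) -> Result<u32, ParseError> {
    each.checked_add(2)
        .and_then(|per_record| per_record.checked_mul(count))
        .and_then(|body| body.checked_add(HEADER_LEN))
        .ok_or(ParseError::Overflow)
}

/// Parse the records in `buf`, returning an owned copy of each payload.
/// `Result` is `#[must_use]`, so a caller that drops the return value
/// without inspecting it gets a compiler warning (the "unchecked errors"
/// footnote above). `slice::get` returns `None` rather than reading past
/// the end of the buffer, so a lying length field cannot become an
/// out-of-bounds read (the "buffer overflow" class above).
pub fn parse_records(buf: &[u8]) -> Result<Vec<Vec<u8>>, ParseError> {
    let hdr = buf.get(0..2).ok_or(ParseError::Truncated)?;
    let count = u16::from_be_bytes([hdr[0], hdr[1]]) as usize;
    let mut off = 2usize;
    // `count` is attacker-controlled: do not let it size the allocation.
    let mut out = Vec::new();
    for _ in 0..count {
        let len_end = off.checked_add(2).ok_or(ParseError::Overflow)?;
        let len_bytes = buf.get(off..len_end).ok_or(ParseError::Truncated)?;
        let len = u16::from_be_bytes([len_bytes[0], len_bytes[1]]) as usize;
        let payload_end = len_end.checked_add(len).ok_or(ParseError::Overflow)?;
        let payload = buf.get(len_end..payload_end).ok_or(ParseError::Truncated)?;
        out.push(payload.to_vec());
        off = payload_end;
    }
    Ok(out)
}

fn main() {
    // Constructed sample input: two records, "abc" and an empty one.
    let good = [0x00, 0x02, 0x00, 0x03, b'a', b'b', b'c', 0x00, 0x00];
    println!("{:?}", parse_records(&good));
    // Constructed malformed input: one record claiming 65535 bytes in a 5-byte buffer.
    let lying = [0x00, 0x01, 0xFF, 0xFF, b'x'];
    println!("{:?}", parse_records(&lying));
    // A size calculation that wraps in 32 bits is reported, not silently truncated.
    println!("{:?}", needed_bytes(0x1_0000, 0x1_0000));
}
```

The C equivalents of these three checks are each a line a reviewer can miss; in Rust the bounds check is the only way to slice, the checked arithmetic is one method call away from the wrapping kind, and the unused Result is flagged by the compiler, which is the point the message's footnote makes about lints.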