Re: The Case for Rust (in any system)

From: Dmitry Salychev <dsl_at_FreeBSD.org>
Date: Thu, 05 Sep 2024 21:06:12 UTC
Jan Knepper <jan@digitaldaemon.com> writes:

> Is this used?
>
> Does anyone from the team monitor this?
>
> https://scan.coverity.com/projects/freebsd
>

I check it from time to time hoping to find anything about
sys/dev/dpaa2, but no issues there reported. I wonder whether Coverity
configured in a specific way not to get any code from CURRENT.

>
>
> On 9/5/24 14:09, Alan Somers wrote:
>> By now I expect that most of you have seen the long list of new
>> security advisories that just came out.  Strikingly, all were the
>> result of memory handling errors.  And none of them wouldn't have
>> happened if their respective programs had been written in a
>> memory-safe language.
>>
>> In fact, of all the C bug fixes that I've been involved with (as
>> either author or reviewer) since May, about three quarters could've
>> been avoided just by using a better language.
>>
>> The real takeaway here is that C is no longer sufficient for writing
>> high quality code in the 2020s.  Everyone needs to adapt their tools.
>> Programmers who don't will increasingly come to resemble experimental
>> archaeologists, i.e. people who learn flintknapping to "keep the
>> knowledge alive".  Such people are valuable, but definitely niche.  I
>> for one don't want my career to go in that trajectory.
>>
>> To summarize, here's the list of this week's security advisories, and
>> also some other recent C bug fixes of my own involvement:
>>
>> Buffer overflow
>> ===============
>> https://cgit.freebsd.org/src/commit/?id=3aaaca1b51ad844ef9e9b3d945217ab3dd189bae
>> CVE-2024-45288 FreeBSD-SA-24:09.libnv
>> https://cgit.freebsd.org/src/commit/?id=a06fc21e770a482c8915411ebc98c870e42dd29b
>> CVE-2024-41928 FreeBSD-SA-24:10.bhyve
>> https://cgit.freebsd.org/src/commit/?id=af438acbfde3d25dbdc82b2b3d72380f0191e9d9
>> CVE-2024-42416 FreeBSD-SA-24:11.ctl
>> https://cgit.freebsd.org/src/commit/?id=db87c98168b1605f067d283fa36a710369c3849d
>> FreeBSD-SA-24:11.ctl
>> https://cgit.freebsd.org/src/commit/?id=5c9308a4130858598c76f3ae6e3e3dfb41ccfe68
>> CVE-2024-32668 FreeBSD-SA-24:12.bhyve
>>
>> Integer overflow
>> ================
>> https://cgit.freebsd.org/src/commit/?id=36fa90dbde0060aacb5677d0b113ee168e839071
>> CVE-2024-45287 FreeBSD-SA-24:09.libnv
>> https://cgit.freebsd.org/src/commit/?id=c3e6dfe55c0e81d0717b0458bc95128384c3ebe8
>> FreeBSD-SA-24:14.umtx
>>
>> Use after free
>> ==============
>> https://cgit.freebsd.org/src/commit/?id=670b582db6cb827a8760df942ed8af0020a0b4d0
>> CVE-2024-45063 FreeBSD-SA-24:11.ctl
>> https://cgit.freebsd.org/src/commit/?id=62f40433ab47ad4a9694a22a0313d57661502ca1
>> CVE-2024-43102 FreeBSD-SA-24:14.umtx
>>
>> Uninitialized memory access
>> ===========================
>> https://cgit.freebsd.org/src/commit/?id=ea44766b78d639d3a89afd5302ec6feffaade813
>> CVE-2024-8178 FreeBSD-SA-24:11.ctl
>> https://cgit.freebsd.org/src/commit/?id=0f2b2276abc305905e7d88619a7abca26b0dd7eb
>>
>> Memory Leaks
>> ============
>> https://cgit.freebsd.org/src/commit/?id=2909ddd17cb4d750852dc04128e584f93f8c5058
>>
>> Incorrect union member access
>> =============================
>> https://cgit.freebsd.org/src/commit/?id=9a5a7c90d5e5971fe2b9c9265e9279a6f173a8f3
>> CVE-2024-6119 FreeBSD-SA-24:13.openssl
>>
>> Concurrent unsychronized memory access
>> ======================================
>> https://cgit.freebsd.org/src/commit/?id=1f5bf91a85e93afa17bc9c03fe7fade0852da046
>>
>> RAII
>> ====
>> https://cgit.freebsd.org/src/commit/?id=4b3141f5d5373989598f9447ab5a9f87e2d1c9fb
>>
>> Unchecked errors [^1]
>> ======================
>> https://cgit.freebsd.org/src/commit/?id=35f4984343229545881a324a00cdbb3980d675ce
>> https://cgit.freebsd.org/src/commit/?id=eced2e2f1e56b54753702da52a88fccbe73b3dcb
>> https://cgit.freebsd.org/src/commit/?id=f625d038d2ae59fa1ae81b76079da464ed6db61a
>>
>> Not preventable by a safer programming language
>> ===============================================
>> https://cgit.freebsd.org/src/commit/?id=7d6932d20aedbbb220cd78e90ab4e82d1abaad31
>> https://cgit.freebsd.org/src/commit/?id=6efba04df3f8c77b9b12f1df3e5124a7249b82fc
>> https://cgit.freebsd.org/src/commit/?id=4b72bab96e8978eaed30fd44f7f51e1b4918d4db
>> https://cgit.freebsd.org/src/commit/?id=b64afa41d56e98b5817aaf14c7deb0fa7e2142fb
>>
>> [^1]: while not memory-safety bugs, Rust's lints actually make
>> ignoring errors like this pretty difficult.  So I consider these bugs
>> to have been preventable.
>>


-- 
https://wiki.freebsd.org/DmitrySalychev