From: Joe Schaefer
Date: Fri, 6 Sep 2024 18:27:05 -0400
Subject: Re: The Case for Rust (in any system)
To: Alan Somers
Cc: FreeBSD Hackers
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

What a goofy thing to say.

On Thu, Sep 5, 2024 at 2:09 PM Alan Somers wrote:

> By now I expect that most of you have seen the long list of new
> security advisories that just came out.  Strikingly, all were the
> result of memory handling errors.  And none of them wouldn't have
> happened if their respective programs had been written in a
> memory-safe language.
>
> In fact, of all the C bug fixes that I've been involved with (as
> either author or reviewer) since May, about three quarters could've
> been avoided just by using a better language.
>
> The real takeaway here is that C is no longer sufficient for writing
> high quality code in the 2020s.  Everyone needs to adapt their tools.
> Programmers who don't will increasingly come to resemble experimental
> archaeologists, i.e. people who learn flintknapping to "keep the
> knowledge alive".  Such people are valuable, but definitely niche.  I
> for one don't want my career to go in that trajectory.
>
> To summarize, here's the list of this week's security advisories, and
> also some other recent C bug fixes of my own involvement:
>
> Buffer overflow
> ===============
> https://cgit.freebsd.org/src/commit/?id=3aaaca1b51ad844ef9e9b3d945217ab3dd189bae
> CVE-2024-45288
> FreeBSD-SA-24:09.libnv
>
> https://cgit.freebsd.org/src/commit/?id=a06fc21e770a482c8915411ebc98c870e42dd29b
> CVE-2024-41928
> FreeBSD-SA-24:10.bhyve
>
> https://cgit.freebsd.org/src/commit/?id=af438acbfde3d25dbdc82b2b3d72380f0191e9d9
> CVE-2024-42416
> FreeBSD-SA-24:11.ctl
>
> https://cgit.freebsd.org/src/commit/?id=db87c98168b1605f067d283fa36a710369c3849d
> FreeBSD-SA-24:11.ctl
>
> https://cgit.freebsd.org/src/commit/?id=5c9308a4130858598c76f3ae6e3e3dfb41ccfe68
> CVE-2024-32668
> FreeBSD-SA-24:12.bhyve
>
> Integer overflow
> ================
> https://cgit.freebsd.org/src/commit/?id=36fa90dbde0060aacb5677d0b113ee168e839071
> CVE-2024-45287
> FreeBSD-SA-24:09.libnv
>
> https://cgit.freebsd.org/src/commit/?id=c3e6dfe55c0e81d0717b0458bc95128384c3ebe8
> FreeBSD-SA-24:14.umtx
>
> Use after free
> ==============
> https://cgit.freebsd.org/src/commit/?id=670b582db6cb827a8760df942ed8af0020a0b4d0
> CVE-2024-45063
> FreeBSD-SA-24:11.ctl
>
> https://cgit.freebsd.org/src/commit/?id=62f40433ab47ad4a9694a22a0313d57661502ca1
> CVE-2024-43102
> FreeBSD-SA-24:14.umtx
>
> Uninitialized memory access
> ===========================
> https://cgit.freebsd.org/src/commit/?id=ea44766b78d639d3a89afd5302ec6feffaade813
> CVE-2024-8178
> FreeBSD-SA-24:11.ctl
>
> https://cgit.freebsd.org/src/commit/?id=0f2b2276abc305905e7d88619a7abca26b0dd7eb
>
> Memory Leaks
> ============
> https://cgit.freebsd.org/src/commit/?id=2909ddd17cb4d750852dc04128e584f93f8c5058
>
> Incorrect union member access
> =============================
> https://cgit.freebsd.org/src/commit/?id=9a5a7c90d5e5971fe2b9c9265e9279a6f173a8f3
> CVE-2024-6119
> FreeBSD-SA-24:13.openssl
>
> Concurrent unsynchronized memory access
> =======================================
> https://cgit.freebsd.org/src/commit/?id=1f5bf91a85e93afa17bc9c03fe7fade0852da046
>
> RAII
> ====
> https://cgit.freebsd.org/src/commit/?id=4b3141f5d5373989598f9447ab5a9f87e2d1c9fb
>
> Unchecked errors [^1]
> ======================
> https://cgit.freebsd.org/src/commit/?id=35f4984343229545881a324a00cdbb3980d675ce
> https://cgit.freebsd.org/src/commit/?id=eced2e2f1e56b54753702da52a88fccbe73b3dcb
> https://cgit.freebsd.org/src/commit/?id=f625d038d2ae59fa1ae81b76079da464ed6db61a
>
> Not preventable by a safer programming language
> ===============================================
> https://cgit.freebsd.org/src/commit/?id=7d6932d20aedbbb220cd78e90ab4e82d1abaad31
> https://cgit.freebsd.org/src/commit/?id=6efba04df3f8c77b9b12f1df3e5124a7249b82fc
> https://cgit.freebsd.org/src/commit/?id=4b72bab96e8978eaed30fd44f7f51e1b4918d4db
> https://cgit.freebsd.org/src/commit/?id=b64afa41d56e98b5817aaf14c7deb0fa7e2142fb
>
> [^1]: while not memory-safety bugs, Rust's lints actually make
> ignoring errors like this pretty difficult.  So I consider these bugs
> to have been preventable.