510
One Of The Rust Linux Kernel Maintainers Steps Down - Cites "Nontechnical Nonsense"
(www.phoronix.com)
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
There's really only one valid response to Ted Ts'o:
If you think you can do better with C, prove it.
CVE-2024-42304 — crash from undocumented function parameter invariants
CVE-2024-40955 — out of bounds read
CVE-2024-0775 — use-after-free
CVE-2023-2513 — use-after-free
CVE-2023-1252 — use-after-free
CVE-2022-1184 — use-after-free
CVE-2020-14314 — out of bounds read
CVE-2019-19447 — use-after-free
CVE-2018-10879 — use-after-free
CVE-2018-10878 — out of bounds write
CVE-2018-10881 — out of bounds read
CVE-2015-8324 — null pointer dereference
CVE-2014-8086 — race condition
CVE-2011-2493 — call function pointer in uninitialized struct
CVE-2009-0748 — null pointer dereference
How many vulnerabilities have the kernel Rust team introduced in the same time period on the same code?
Let me know when you find one?
Memory ownership isn't the only source of vulnerabilities. It's a big issue, sure, but don't think rust code is invulnerable.
Of course. Rust isn't immune to logic errors, off-by-one mistakes, and other such issues. Nor is it memory safe in
unsafe
blocks.Just by virtue of how memory safety issues account for 50%+ of vulnerabilities, it's worth genuinely considering as long as the bindings don't cause maintainability issues.
The bindings cause maintainability issues. That's the problem.