lcamtuf (@lcamtuf@infosec.exchange)
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.


I am not happy about the license change for the rewrite. Theoretically, an affine type system can be used to reason about deadlock and race conditions (although with caveats: https://dl.acm.org/doi/abs/10.1145/3571229).
That being said, race conditions are logical bugs, and a programming language is only as powerful as the specification provided to it. It is possible there are conditions that developers are simply not aware of.
It seems like specifying the race behavior of coreutils in a language-agnostic way would be a fruitful endeavor.
The real underlying issue here is that the OS interfaces these programs rely on are extremely error-prone and difficult to use correctly. A naive implementation of these system utilities in any language is basically guaranteed to stumble into bugs and vulnerabilities like the ones described in the linked message.
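As an added illustration of the bug class the original post and this last reply describe (example code, not from coreutils, the Rust rewrite, or the linked advisory): a path-based check-then-use on a file's permissions beside the descriptor-based form that removes the window, in C, run in a constructed temp-directory scenario. The file names, the explicit "window" step standing in for a concurrent process, and the `race_demo` harness are assumptions of this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path-based check-then-use: the name is resolved twice, and chmod() follows symlinks. The
 * "window" line stands in for another process acting between the two syscalls; done explicitly here. */
int chmod_by_path(const char *work, const char *victim, mode_t mode)
{
    struct stat st;
    if (lstat(work, &st) != 0 || S_ISLNK(st.st_mode)) return -1;  /* check the name */
    unlink(work); symlink(victim, work);                           /* window: name now -> victim */
    return chmod(work, mode);                                      /* use the name */
}

/* Descriptor-based: the name is resolved once (symlinks refused with ELOOP), the object is
 * verified through the descriptor, and the change lands on that inode whatever the name now means. */
int chmod_by_fd(const char *work, const char *victim, mode_t mode)
{
    struct stat st;
    int fd = open(work, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    unlink(work); symlink(victim, work);                           /* window: name now -> victim */
    int rc = fchmod(fd, mode);                                     /* use the descriptor */
    close(fd);
    return rc;
}

/* Constructed scenario: fresh temp dir with "work" and "victim" at 0644; only "work" should ever
 * be touched. Returns 1 if victim's mode changed, 0 if it was left alone, -1 on setup failure. */
int race_demo(int use_fd)
{
    char dir[] = "/tmp/toctou-XXXXXX", work[64], victim[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(work, sizeof work, "%s/work", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    for (const char **p = (const char *[]){ work, victim, NULL }; *p; p++) {
        int fd = open(*p, O_WRONLY | O_CREAT | O_EXCL, 0644);
        if (fd < 0 || fchmod(fd, 0644) != 0 || close(fd) != 0) return -1;  /* fchmod defeats umask */
    }
    if (use_fd) chmod_by_fd(work, victim, 0600); else chmod_by_path(work, victim, 0600);
    int changed = lstat(victim, &st) == 0 && (st.st_mode & 0777) != 0644;
    unlink(work); unlink(victim); rmdir(dir);
    return changed;
}
```

`race_demo(0)` returns 1 (the path-based variant altered the file it was never meant to touch) and `race_demo(1)` returns 0; the same applies to chown, truncate and unlink when they are done by name rather than through a descriptor opened with O_NOFOLLOW.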