Rewriting the GNU Coreutils in Rust

Posted Jun 10, 2021 2:00 UTC (Thu) by karkhaz (subscriber, #99844)
In reply to: Rewriting the GNU Coreutils in Rust by jezuch
Parent article: Rewriting the GNU Coreutils in Rust

Admittedly this paper is from 2008, but:

> KLEE found ten unique bugs in COREUTILS (usually memory error crashes). Figure 7 gives the commandlines used to trigger them. The first three errors existed since at least 1992, so should theoretically crash any COREUTILS distribution up to 6.10

From https://llvm.org/pubs/2008-12-OSDI-KLEE.html.

Rewriting the GNU Coreutils in Rust

Posted Jun 10, 2021 9:22 UTC (Thu) by helge.bahmann (subscriber, #56804) [Link]

Sure, I bet there is also at the very least one more memory-safety bug in coreutils it's just... I'm just not sure if it is the most pressing problem -- e.g. the things klee found 12 years(!) ago: Okay mknod crashes when passing an invalid security context -- that's embarrassing and shouldn't happen and everything, but is it a serious issue problem? After all, if someone manages to call mknod with an invalid security context causing it to crash and misbehave, things have gone so wrong that they might also have called it with a _valid_ but wrong security context and compromised the system anyways. FWIW, nasty coreutil CVEs include things like TOCTOU races regarding symlink handling & such which are not solvable by any language means whatsoever.