Defining the Rust 2024 edition

Posted Jan 31, 2024 15:37 UTC (Wed) by Cyberax (✭ supporter ✭, #52523)
In reply to: Defining the Rust 2024 edition by bluca
Parent article: Defining the Rust 2024 edition

Perhaps we should stop using such a cheesy library (it's full of holes), then?

And yes, binary diffs are a thing. And static linking can be made patch-friendlier.

Posted Jan 31, 2024 18:46 UTC (Wed) by LtWorf (subscriber, #124958) [Link] (2 responses)

At least Rust standard library has no CVEs… except these ones I guess https://github.com/Qwaz/rust-cve

and the rust stdlib is smaller than the C one.

Posted Jan 31, 2024 18:52 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

This is misleading. It's a list of bugs that theoretically can allow the Rust stdlib to be used in an unsafe manner.

Basically, pretty much every function in glibc would be a CVE within this list.

Posted Jan 31, 2024 18:55 UTC (Wed) by mb (subscriber, #50428) [Link]

>At least Rust standard library has no CVEs…

Yes, Rust has bugs, too.

Rust does a CVE for every released unsoundness bug. (Please google for it, if you don't know what unsound means). They take their job seriously.

That doesn't mean these are actual security problems, though. (google "rust soundness", if you don't understand why)