March 28 Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀

Just for fun: https://github.com/Speykious/cve-rs

"cve-rs allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner."

March 29 Re: Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀

Posted in reply to RazvanN

On 29/03/2024 2:35 AM, RazvanN wrote:
> Just for fun: https://github.com/Speykious/cve-rs
>
> "cve-rs allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner."

You gotta love a lack of type state analysis and value tracking lol.

March 30 Re: Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀

Posted in reply to RazvanN

On Thursday, 28 March 2024 at 13:35:27 UTC, RazvanN wrote:
> Just for fun: https://github.com/Speykious/cve-rs
>
> "cve-rs allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner."

Interesting to see that the language that acquired the public perception of having a monopoly on safety, is not in fact absolutely safe. Some say it cannot ever be[1]. I don't know Rust, and I know @safe D is not perfect either, but I do wonder how @safe D stacks up against these particular vulnerabilities. It could make for an interesting article.

-- Bastiaan.

March 30 Re: Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀

Posted in reply to Bastiaan Veelo

On Saturday, 30 March 2024 at 13:13:11 UTC, Bastiaan Veelo wrote:
> On Thursday, 28 March 2024 at 13:35:27 UTC, RazvanN wrote:
>> Just for fun: https://github.com/Speykious/cve-rs
>>
>> "cve-rs allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner."
>
> Interesting to see that the language that acquired the public perception of having a monopoly on safety, is not in fact absolutely safe. Some say it cannot ever be[1]. I don't know Rust, and I know @safe D is not perfect either, but I do wonder how @safe D stacks up against these particular vulnerabilities. It could make for an interesting article.

The linked code works by exploiting a bug in the Rust compiler's lifetime inference. [1]

Certainly it's unfortunate for Rust that this bug exists, but I don't think it makes sense to pass judgement on the overall design of Rust's lifetime system based on the existence of an implementation bug.

If we were to hold D to the same standard, I do not think it would compare favorably.

[1] https://github.com/Speykious/cve-rs/blob/main/src/lifetime_expansion.rs

April 01 Re: Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀

Posted in reply to Paul Backus

On Saturday, 30 March 2024 at 14:25:42 UTC, Paul Backus wrote:
> Certainly it's unfortunate for Rust that this bug exists, but I don't think it makes sense to pass judgement on the overall design of Rust's lifetime system based on the existence of an implementation bug.

In absence of a language specification, it is hard to judge whether a flaw is an implementation bug or not. The Hacker News thread that I linked to has an endless discussion on whether this one is more fundamental. The problem has been known for nine years.

> If we were to hold D to the same standard, I do not think it would compare favorably.

You may be right.

-- Bastiaan.

April 01 Re: Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀

Posted in reply to Bastiaan Veelo

On Monday, 1 April 2024 at 14:11:58 UTC, Bastiaan Veelo wrote:
> On Saturday, 30 March 2024 at 14:25:42 UTC, Paul Backus wrote:
>> If we were to hold D to the same standard, I do not think it would compare favorably.
>
> You may be right.

Are there any bugs with @safe where a viable solution is not known? Some bugs didn't get a solution because of breakage, but once we have editions, hopefully those can be fixed.