| ▲ | FiloSottile 5 days ago |
| I have never seen real Go code (i.e. not code written purposefully to be exploitable) that was exploitable due to a data race. This doesn’t prove a negative, but is probably a good hint that this risk is not something worth prioritizing for Go applications from a security point of view. Compare this with C/C++ where 60-75% of real world vulnerabilities are memory safety vulnerabilities. Memory safety is definitely a spectrum, and I’d argue there are diminishing returns. |
|
| ▲ | stouset 5 days ago | parent | next [-] |
| Maintenance in general is a burden much greater than CVEs. Exploits are bad, certainly, but a bug not being exploitable is still a bug that needs to be fixed. With maintenance being a "large" integer multiple of initial development, anything that brings that factor down is probably worth it, even if it comes at an incremental cost in getting your thing out the door. |
| |
| ▲ | 9rx 5 days ago | parent | next [-] | | > but a bug not being exploitable is still a bug that needs to be fixed. Do you? Not every bug needs to be fixed. I've never see a data race bug in documented behaviour make it past initial development. I have seen data races in undocumented behaviour in production, but as it isn't documented, your program doesn't have to do that! It doesn't matter if it fails. It wasn't a concern of your program in the first place. That is still a problem if an attacker uses undocumented behaviour to find an exploit, but when it is benign... Oh well. Who cares? | |
| ▲ | 5 days ago | parent | prev [-] | | [deleted] |
|
|
| ▲ | LtWorf 5 days ago | parent | prev [-] |
| I have! What do i win? |
| |
| ▲ | EE84M3i 5 days ago | parent [-] | | Was it open source? Would be interested to know more. | | |
| ▲ | LtWorf 5 days ago | parent [-] | | Yeah, reading binary files in go with an mmap library and the whole file is based on offsets to point to other sections of the file. Damaged file or programming error and segfault. | | |
| ▲ | ncruces 4 days ago | parent [-] | | How is that a data race? Also, you're using unsafe. The post is about data races in safe Go leading to crashes or exploits, because things like "eface" (the tuple used to implement interfaces) and slices (again a tuple) are multi-word and thus impossible to update atomically. This is not an issue in Java because such things always box behind a pointer. | | |
| ▲ | debugnik 4 days ago | parent [-] | | Note that C#'s Memory<T> (a slice) isn't boxed either, but it stays memory-safe under tearing: the resulting slice might have unintended bounds, but it will either be in-bounds or will throw an exception. This of course has some overhead, which is why you usually turn it into the cheaper, data race free Span<T>. Go could have the same safety and fix some of the overhead with compiler optimizations, they just don't want to take the trade-off. |
|
|
|
|
