| ▲ | pheggs 2 hours ago |
| I love rust but honestly I am more scared about supply chain attacks through cargo than memory corruption bugs. The reason being that supply chain attacks are probably way cheaper to pull off than finding these bugs |
|
| ▲ | cogman10 2 hours ago | parent | next [-] |
| If you can bring in 3rd party libraries, you can be hit with a supply chain attack. C and C++ aren't immune, it's just harder to pull off due to dependency management being more complex (meaning you'll work with less dependencies naturally). |
| |
| ▲ | skydhash an hour ago | parent [-] | | You’ll find more quality libraries in C because people don’t care about splitting them down to microscopic parcels. Even something like ‘just’ have tens of deps, including one to check that something is executable. https://github.com/casey/just/blob/master/Cargo.toml That’s just asking for trouble down the line. | | |
| ▲ | bigfatkitten 24 minutes ago | parent | next [-] | | You also won’t typically find C/C++ developers blinding yolo’ing the latest version of a dependency from the Internet into their CI/CD pipeline. They’ll stick with a stable version that has the features they need until they have a good reason to move. That version will be one they’ve decided to ship themselves, or it’ll be provided by someone like Debian or Red Hat. | |
| ▲ | pheggs 37 minutes ago | parent | prev [-] | | yes, the average amount of dependencies used per dependency appears to be much larger in rust and thats what I meant and is worrying me. In theory C can be written in a memory safe manner, and in theory rust can be used without large junks of supply vulnerabilities. both of these are not the case in practice though |
|
|
|
| ▲ | kibwen 2 hours ago | parent | prev | next [-] |
| But this is irrelevant. If you're afraid of third-party code, you can just... choose not to use third-party code? Meanwhile, if I'm afraid of memory corruption in C, I cannot just choose not to have memory corruption; I must instead simply choose not to use C. Meanwhile, Chromium uses tons of third-party Rust code, and has thereby judged the risk differently. |
| |
| ▲ | JoeAltmaier 2 hours ago | parent [-] | | Maybe it's more complicated than that? With allocate/delete discipline, C can be fairly safe memory-wise (written a million lines of code in C). But automated package managers etc can bring in code under the covers, and you end up with something you didn't ask for. By that point of view, we reverse the conclusion. | | |
| ▲ | nagaiaida an hour ago | parent | next [-] | | yes, people often invoke "simply write safer c" but that doesn't make it any more realistic of a proposition in aggregate as we keep seeing. | |
| ▲ | stackghost an hour ago | parent | prev [-] | | >With allocate/delete discipline, C can be fairly safe memory-wise (written a million lines of code in C) The last 40-50 years have conclusively shown us that relying on the programmer to be disciplined, yourself included, does not work. |
|
|
|
| ▲ | staticassertion 2 hours ago | parent | prev [-] |
| Google already uses `cargo-vet` for rust dependencies. |
| |
| ▲ | pheggs 2 hours ago | parent [-] | | thats good, but it wont eliminate the risk | | |
| ▲ | staticassertion 2 hours ago | parent [-] | | Nothing eliminates the risk but it is basically a best-in-class solution. If your primary concern is supply chain risk, there you go, best in class defense against it. If anything, what are you doing about supply chain for the existing code base? How is cargo worse here when cargo-vet exists and is actively maintained by Google, Mozilla, and others? | | |
| ▲ | pheggs 33 minutes ago | parent [-] | | true, but rusts success in creating an easy to use dependency manager is the curse. In general rust software seems to use a larger amount of dependencies than c/c++ due to that, where each is at risk of becoming an attack vector. my prediction is that we will see some abuse of this in future, similar to what npm experienced |
|
|
|
