| ▲ | bitwize 3 hours ago | |||||||||||||||||||||||||
"'Nothing could have prevented this from happening,' say users of only language where this happens" comes to bite OpenBSD. | ||||||||||||||||||||||||||
| ▲ | amiga386 2 hours ago | parent | next [-] | |||||||||||||||||||||||||
OpenBSD wouldn't say anything like that. They're well aware of the 40+ year old codebase's limitations, but accept it because they're not so stupid as to "rewrite it in <other language>" which will bring a million bugs. They've innovated again and again in the security space and aggressively bring in new security features like pf, OpenSSH, W^X enforcement, pledge(), arc4random(), ASLR, so many other things. Unlike, say, NPM, which can't even replicate existing packaging systems like yum or apt, and has been plagued with security flaws despite being built entirely out of a memory-safe language. Quite an achievement. | ||||||||||||||||||||||||||
| ▲ | efficax 2 hours ago | parent | prev | next [-] | |||||||||||||||||||||||||
It's difficult to say if a kernel written in rust would not have similar vulnerabilites, because it would be impossible to build a kernel without significant amounts of `unsafe`. | ||||||||||||||||||||||||||
| ▲ | anoneng 2 hours ago | parent | prev | next [-] | |||||||||||||||||||||||||
Tell us you know nothing about kernel programming and trust stacks while you are at it. | ||||||||||||||||||||||||||
| ||||||||||||||||||||||||||
| ▲ | applfanboysbgon 3 hours ago | parent | prev [-] | |||||||||||||||||||||||||
The OpenBSD project was started in 1995, with ancestry going back further than that. Should they have first invented Rust? Or at what point do you suppose the decades-old codebase should have been completely rewritten? | ||||||||||||||||||||||||||
| ||||||||||||||||||||||||||