Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀
Paul Backus
snarwin at gmail.com
Sat Mar 30 14:25:42 UTC 2024
On Saturday, 30 March 2024 at 13:13:11 UTC, Bastiaan Veelo wrote:
> On Thursday, 28 March 2024 at 13:35:27 UTC, RazvanN wrote:
>> Just for fun: https://github.com/Speykious/cve-rs
>>
>> "cve-rs allows you to introduce common memory vulnerabilities
>> (such as buffer overflows and segfaults) into your Rust
>> program in a memory safe manner."
>
> Interesting to see that the language that acquired the public
> perception of having a monopoly on safety, is not in fact
> absolutely safe. Some say it cannot ever be[1]. I don't know
> Rust, and I know @safe D is not perfect either, but I do wonder
> how @safe D stacks up against these particular vulnerabilities.
> It could make for an interesting article.

The linked code works by exploiting a bug in the Rust compiler's
lifetime inference. [1]

Certainly it's unfortunate for Rust that this bug exists, but I
don't think it makes sense to pass judgement on the overall
design of Rust's lifetime system based on the existence of an
implementation bug.

If we were to hold D to the same standard, I do not think it
would compare favorably.

[1] https://github.com/Speykious/cve-rs/blob/main/src/lifetime_expansion.rs

More information about the Digitalmars-d mailing list