undefined | Better HN

0 pointstechjamie1y ago0 comments

There is an option to not link to it for instances like OS writing and embedded. Writing everything in pure Rust without libc is entirely possible, even if an effort in losing sanity when you're reimplementing every syscall you need from scratch.

But even then, your code is calling out to kernel functions which are probably written in C or assembly, and therefore "dangerous."

Rust code safety is overhyped frequently, but reducing an attack surface is still an improvement over not doing so.

0 comments

jdefr891y ago

I agree and binary exploitation/Vulnerability Research is my area of expertise.. The whole "Lets port everything to Rust" is so misguided. Binary exploitation has already gotten 20x harder than say ten years ago.. Even so.. Most big breaches happen because people reuse their password or just give it out... Nation States are pretty much the only parties capable of delivering full kill chains that exploit, say chrome... That is why I moved to the embedded space.. Still so insecure...

pdimitar1y ago

> The whole "Lets port everything to Rust" is so misguided.

Well, good thing that nobody sane is saying that then.

iknowstuff1y ago

https://github.com/embassy-rs/embassy

PhilipRoman1y ago

Ironically using C without libc turns out to be easier (except for portability of course). The kernel ABI is much more sane than <stdio.h>. The only useful parts of libc are DNS resolution and text formatting, both of which it does rather poorly.

atiedebee1y ago

By text formatting, do you mean printf and the like? It is pretty powerful in my experience.

Also, DNS resolution isn't part of the C standard, it's a POSIX interface I think.

j / k navigate · click thread line to collapse