Surely you’re not suggesting that the Rust compiler never produces exploitable code?
If your attitude is that getting exploited doesn’t matter because your software is unprivileged, you need some part of your stack to be unexploitable. That’s a tall order if everything is C.
You can get exploitable code out of any compiler. But you’re far more likely to get it from real-world C than real-world Rust.
Kernel-level process isolation is extremely robust.
> If your attitude is that getting exploited doesn’t matter because your software is unprivileged
It’s not that exploits don’t matter. It’s that process architecture is a stronger form of guarantee than anything provided by a language runtime.
I agree that the place where Rust is most beneficial is for programs that must be privileged and that are likely to face attack - such as a web server.
But the idea that you can’t securely use a C program in your stack or that Rust magically makes process isolation irrelevant is incorrect.