mleku on Nostr: #rust adherents are deluded in believing the idea that merely memory access ...
#rust adherents are deluded in believing the idea that merely memory access violations are the only kind of way in which the security of software is breached
firstly, this only applies to binary code running on physical or virtualized hardware, where a kernel is managing access to memory - it isn't relevant to such runtime environments like WASM or JVM because they already have automatic access controls and generally are not targeted by languages that have pointer arithmetic
secondly, more often the problem comes from poorly constructed access control systems, where simplicity of the code is the key thing to enabling the developers to notice that there is a problem and prevent the code running in the wild to be exploited by hackers looking to breach potentially valuable user data
thus, the more complex and circuitous the language syntax is, the more ways in which it can be made completely idiosyncratic by the use of macro programming, the harder it is to learn the language, ie, the more complex the syntax, the more ways in which errors in ACL systems can be introduced and lead to methods to bypass the ACL and/or privilege escalate to enable read/write access to data that is supposed to be privileged
and lastly, a hard to understand, and difficult to learn memory management system, that prevents the aforementioned buffer overflow attacks, creates a false sense of security for those who make decisions about what language to implement a system with
most of the shitcoins now run smart contracts written in rust, and unless i'm mistaken, the frequency of breaches and hacks has not changed one iota
#fuckrust
Published at
2024-04-03 11:57:27Event JSON
{
"id": "92c370b9225a5ae09e830ced6784703a5927c57a8e28a5b3ca15c13fc70b7316",
"pubkey": "4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f",
"created_at": 1712145447,
"kind": 1,
"tags": [
[
"t",
"rust"
],
[
"t",
"fuckrust"
]
],
"content": "#rust adherents are deluded in believing the idea that merely memory access violations are the only kind of way in which the security of software is breached\n\nfirstly, this only applies to binary code running on physical or virtualized hardware, where a kernel is managing access to memory - it isn't relevant to such runtime environments like WASM or JVM because they already have automatic access controls and generally are not targeted by languages that have pointer arithmetic\n\nsecondly, more often the problem comes from poorly constructed access control systems, where simplicity of the code is the key thing to enabling the developers to notice that there is a problem and prevent the code running in the wild to be exploited by hackers looking to breach potentially valuable user data\n\nthus, the more complex and circuitous the language syntax is, the more ways in which it can be made completely idiosyncratic by the use of macro programming, the harder it is to learn the language, ie, the more complex the syntax, the more ways in which errors in ACL systems can be introduced and lead to methods to bypass the ACL and/or privilege escalate to enable read/write access to data that is supposed to be privileged\n\nand lastly, a hard to understand, and difficult to learn memory management system, that prevents the aforementioned buffer overflow attacks, creates a false sense of security for those who make decisions about what language to implement a system with\n\nmost of the shitcoins now run smart contracts written in rust, and unless i'm mistaken, the frequency of breaches and hacks has not changed one iota\n\n#fuckrust",
"sig": "070030919637d0bbccb73a2c849afb3d27121eae08035af81b14e0db8405df961ddf23ab7b205fd224cd310f3a28b9cd13c7dfb522c3892c2eda0af5e7570b3c"
}