Comment by aleksei

8 years ago

It is not the fault of the language if you use it wrong.

CloudFlare is to blame here, nothing else.

As for the reason why C, I'm pretty confident they knew what they were doing, and had considered other tools that did not meet all requirements.

Allow me an analogy. It's not the fault of a rope if you use it to cross between two skyscrapers and slip and fall to the ground. But if you mind your life you use at least a safety cable to tie you to the rope, or use the lifts and cross at road level. There are still cars to watch for, but...

C is simply too dangerous, even the best developer can slip without noticing. There are safer alternatives now, we should start using them at least for new projects.

Security is a requirement. They must have been extremely confident indeed to write something like this in C, where a single mistake can make your program fail in catastrophic ways, with no help whatsoever from the compiler.

If some code has bugs, did the author just "use the language wrong"? People make mistakes, and we can prevent some of them by using better tools.

No, the language is bad if using it wrong can leak sensitive data.

The choice of language is wrong if you pick such a language in a situation where mistakes can lead to safety or security problems.

The first requirement is security.

  • But - I can't think of a single language in which using it "wrong" might not lead to info leaks? Any language with a runtime has to manage memory somehow at the runtime layer and so similar leaks can occur there depending upon design and implementation, and the wider OS context.

    At the whole program/application level, when you create your own data structures, you can find lots of ways to leak them to the world.

    • No one calls C#, JavaScript and Python memory unsafe because their runtimes are implemented in C. Nor do I expect CF to not use Linux or Nginx because they are written in C. We have to live with C but I expect everyone who does anything safety or security critical to do everything they can to minimize the amount of code that is susceptible to this class of bug.

      Using a runtime with a safe language on top is a perfectly good example of doing that.

      Logic errors causing leaks will always be a threat, but we shouldn't be leaking because of pointer arithmetic problems in custom C code. Not 2017.


  • You can leak sensitive data with any language. C is not used for web development on the client side, yet people abuse security holes in web apps all the time.

    • That's not an argument for using C. There are many classes of bugs and using a safe language only protects against one class.

      What I'm saying is there is no excuse not to take that protection.