Comment by jamal-kumar

4 years ago

Thanks Justine, you're doing the Lord's work here.

One of the best introductions I've seen to pledge() is Kristaps Dzonsons' writeup on it that you can find here [1]. The whole website in general is furthermore a guide on how to write webapps in C, which may sound like a crazy idea to some people who have written it off as everything from an elaborate joke to a security nightmare that nobody should ever consider doing [2], but for people like me who end up having to write that kind of code in constrained execution environments it's been extremely enlightening and I really appreciate knowing how to do it more securely. If pledge is something I can access in Linux, it really helps me out for things in the future going forward. I hope to create some cool things with it!

[1] https://learnbchs.org/pledge.html

[2] https://learnbchs.org/

Awesome blog post! Writing web apps in C? That doesn't sound crazy to me. If someone told me they were doing that, then I'd just assume they're trying to compete with Google Search for the title of the world's lowest-latency high-performance scalable website. If pledge() makes you feel less guilty about going for the gold, then I'd say that's a good thing. You might also be interested in Cosmopolitan Libc's ASAN and UBSAN support. It does things like print memory diagrams with backtraces with malloc origin tracing if you do something like overrun a buffer or use a piece of memory after it's freed. ASAN has been one of the most important tools that Google used to find security issues in Chrome. So I put a lot of work into implementing greenfield support for it in Cosmo. In fact, ASAN is so important, that even languages like Rust need to use it, since it makes the unsafe keyword safe! So please try Cosmo's implementation and let me know what you think. I believe Cosmo has the highest quality ASAN implementation that's available to the open source community.

  • Yeah it's pretty much your best option (C or C++) when writing web apps for things like routers or for game consoles for example, which is the kind of use case I'm talking about. Your work here makes doing that so much easier and safer, which is really important considering how many routers are being exploited to be malicious these days.

    It might take a little while to catch on in those use cases, but I've been waiting for someone to nail the implementation for a while. It's hardly a surprise that you of all people got it down; I've been admiring your work for quite some time.

    So how about those blog posts in Mayan Hieroglyphics?

    • > Yeah it's pretty much your best option (C or C++) when writing web apps for things like routers or for game consoles for example,

      Why? This library obviously assumes you have an operating system running, so it's not that constrained of an environment.


  • > In fact, ASAN is so important, that even languages like Rust need to use it

    Yes…

    > since it makes the unsafe keyword safe!

    No. It's a debugging tool to help, but saying it makes the unsafe safe is a somewhat dangerous hyperbole.