Comment by WhereIsTheTruth

2 days ago

> Rust certainly calms security fears

No, memory safety is not security. Rust's memory guarantees eliminate some issues, but they also create a dangerous overconfidence: devs treat the compiler as a security audit and skip the hard work of threat modeling.

A vigilant C programmer who manually validates everything and uses the available tools at their disposal is less risky than a complacent Rust programmer who blindly trusts the language.

> A vigilant C programmer who manually validates everything and uses the available tools at their disposal is less risky than a complacent Rust programmer who blindly trusts the language

I agree with this. But for a component whose job is to parse data and produce pixels, the security worries I have are memory ones. It's not implementing a permissions model or anything where design and logic are really important. The security holes an image codec would introduce are the sort where a buffer overrun gives an execution primitive (etc.).
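The "parse data, produce pixels" case above is worth seeing concretely. The following is an added example (not code from anyone in this thread, and not from any real codec): a toy image container with a constructed 12-byte header (magic `IMG0`, big-endian width and height), showing the classic 32-bit `width * height * bpp` size computation that wraps and yields an undersized heap buffer, next to the checked version that bounds the dimensions, does the multiplication in 64 bits, and verifies the input actually carries the bytes it claims. The `MAX_DIM` cap, the header layout and the return codes are all assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy format (an assumption of this example, not a real codec):
 *   bytes 0..3   magic "IMG0"
 *   bytes 4..7   width,  u32 big-endian
 *   bytes 8..11  height, u32 big-endian
 *   bytes 12..   width * height * 3 bytes of RGB pixel data
 */
#define HDR_LEN 12
#define MAX_DIM 16384u   /* assumed sane upper bound on either dimension */

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void wr32(uint8_t *p, uint32_t v) {
    p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = (uint8_t)v;
}

/* The unsafe pattern: buffer size computed in 32 bits. Unsigned wrap is
 * well-defined, so this runs without UB, but for 65536 x 65536 it returns 0;
 * a codec that calls malloc(0) and then loops over width * height pixels
 * writes far past the end of the allocation. This is the buffer-overrun
 * primitive the comment above refers to. */
uint32_t naive_pixel_bytes(uint32_t w, uint32_t h) {
    return w * h * 3;
}

/* Hardened: reject zero or oversized dimensions, multiply in 64 bits.
 * Returns 0 on rejection (a valid image never needs 0 bytes). */
size_t checked_pixel_bytes(uint32_t w, uint32_t h) {
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return 0;
    uint64_t n = (uint64_t)w * (uint64_t)h * 3u;   /* <= 805,306,368 */
    return (size_t)n;
}

/* Parse the header and copy out the pixels. Return codes (assumed):
 *   0 ok, -1 bad header, -2 bad dimensions, -3 truncated input, -4 OOM */
int decode_image(const uint8_t *buf, size_t len, uint8_t **pixels, size_t *npix) {
    if (len < HDR_LEN || memcmp(buf, "IMG0", 4) != 0) return -1;
    uint32_t w = rd32(buf + 4), h = rd32(buf + 8);
    size_t need = checked_pixel_bytes(w, h);
    if (need == 0) return -2;
    /* The input must really contain `need` bytes; otherwise memcpy would
     * read past the end of `buf`. len >= HDR_LEN is already established. */
    if (len - HDR_LEN < need) return -3;
    uint8_t *p = malloc(need);
    if (!p) return -4;
    memcpy(p, buf + HDR_LEN, need);
    *pixels = p;
    *npix = need;
    return 0;
}

/* Constructed sample input: header for w x h plus `payload` filler bytes
 * (payload must be <= 64). Returns decode_image's status code. */
int demo_decode(uint32_t w, uint32_t h, size_t payload) {
    uint8_t buf[HDR_LEN + 64];
    if (payload > 64) return -99;
    memcpy(buf, "IMG0", 4);
    wr32(buf + 4, w);
    wr32(buf + 8, h);
    memset(buf + HDR_LEN, 0xAB, payload);
    uint8_t *px = NULL;
    size_t n = 0;
    int rc = decode_image(buf, HDR_LEN + payload, &px, &n);
    free(px);
    return rc;
}

int main(void) {
    printf("naive size for 65536x65536: %u bytes\n", naive_pixel_bytes(65536u, 65536u));
    printf("checked size for 65536x65536: %zu (0 = rejected)\n",
           checked_pixel_bytes(65536u, 65536u));
    printf("2x2 with 12 payload bytes: rc=%d\n", demo_decode(2, 2, 12));
    printf("2x2 with 11 payload bytes: rc=%d\n", demo_decode(2, 2, 11));
    printf("65536x65536 header, no payload: rc=%d\n", demo_decode(65536u, 65536u, 0));
    return 0;
}
```

The two checks that matter are the ones the naive version skips: the dimension product is computed where it cannot wrap, and the declared size is compared against the bytes actually present before anything is copied. Neither depends on a threat model; both are exactly the class of bug a memory-safe language turns into a panic instead of a write primitive.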

  • Rust programmers are far more likely to have the vigilant mindset than C programmers, or they wouldn't be using Rust.

    You can get an awful lot done very quickly in C if you aren't bothered about security - and traditionally, most of the profession has done exactly that.

> A vigilant C programmer who manually validates everything and uses the available tools at their disposal is less risky than a complacent Rust programmer who blindly trusts the language

What about against a vigilant Rust programmer who also manually validates everything and uses the available tools at their disposal?

History shows that either the vigilance of most C programmers is not enough, or they are not vigilant at all. "C/C++" and "RCE via some buffer overflow" are practically synonyms.

> A vigilant C programmer who manually validates everything

So, a fairy-tale character?

I can't believe someone is still using this argument. Is this sarcasm?