← Back to context

Comment by akoboldfrying

7 hours ago

Do you have a specific library in mind? I think it would have to be an ancient, unmaintained C library.

But I think most OSS code isn't like this -- even C code born long ago, if it's still in wide use, has been hardened by now. Examples: Linux kernel, GNU userland, PostgreSQL, Python.

4 comments

akoboldfrying

Reply
bigiain  6 hours ago

> even C code born long ago, if it's still in wide use, has been hardened by now. Examples: Linux kernel

There have been two LPE vulnerability and exploits in the Linux kernel announced today. After the one announced just last week. I don't think as much of the C code born long ago has been as carefully hardened as you think.

(Copy Fail 2 and Dirty Frag today, and Copy Fail last week)

  • seba_dos1  5 hours ago

    One. "Copy Fail 2" and "Dirty Frag" are the same thing.

    • Brian_K_White  2 hours ago

      And consideing the size of the kenel, I call this stupendously good.

      You (anyone, not you personally) write that much code yourself and let's see how well you did in comparison.

  • akoboldfrying  5 hours ago

    Sure, I didn't mean to say that these examples are guaranteed 100% safe -- just that I trust them to be enormously more safe than software that accomplishes the same task that was hand-written by either a human or an an LLM last week.