1. 38

  2. 5

    C is no longer the only language you can write performant and reusable software in. Rust is a new kid on the block that does everything that C can, and exactly as fast, but makes computers perform all the safety checks instead of requiring humans to think about them. The vulnerabilities that plague C codebases are impossible in Rust!

    C hasn’t been the only such language for a while. Ada does everything C can, is exactly as fast, and makes computers perform all the safety checks, making a lot of vulnerabilities impossible. And what’s even better: it’s existed since the ’80s, so it’s not even a new kid on the block – it’s a fully mature, battle-tested (literally!) alternative.

    It’s also incredibly well designed and thought through. The pieces just fit together the way you expect them to given the rest of the language.

    1. 1

      I feel I’m missing something here. The author makes a big thing about libcurl having security bugs, but that is an HTTP client, which you can only use to exploit your own system? So my initial reaction is “meh, doesn’t really matter”. Is that inappropriate?

      I understand that if a service internally uses curl with user content it would be vulnerable, but that requires additional missing sanitization. And perhaps you can leverage one of the exploits into a local privilege escalation once you already have a shell, but that also requires additional missing safeguards, right? So am I missing something or is the author insufficiently distinguishing between ‘useless’ and actually dangerous security bugs?

      1. 3

        Libcurl is included in almost everything from services (e.g. PHP calls libcurl) through washing machines and even cars. Sure, multiple failsafes have to be bypassed for it to be exploitable, but that is the case with almost any serious exploit. It doesn’t happen often, but it happens.