The coreutils Rust rewrite story is pretty funny.
-
@lcamtuf Rustaceans are the problem, not Rust itself. theyre like a lobbing group trying explicitly to boost their future employment demand much more than prioritized on doing the right thing as engineers or for the community. much like the AI VC are "talking up their book" even if its poison for the rest of us
@synlogic4242 Uutils started as someone’s personal project to learn rust, and “write a system utility” is frequently used as a basic exercise for learning. Uutils is doing exactly what it set out to do.
It’s not the fault of uutils that Canonical is dumb.
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf There's also that human habit of getting complacent about all bugs when _some_ types of bugs are either impossible or very very hard to make because of language structure and tooling.
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf a related observation would probably be: why did important, security-critical edge cases get handled without enough documentation to prevent them from reoccurring?
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf Why do we keep calling uutils coreutils a rewrite?
-
@synlogic4242 Uutils started as someone’s personal project to learn rust, and “write a system utility” is frequently used as a basic exercise for learning. Uutils is doing exactly what it set out to do.
It’s not the fault of uutils that Canonical is dumb.
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf Hey, would you care to elaborate or point me to resources explaining why the coreutils aren't fertile ground for memory safety issues? It's the first time I heard of this
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf Not only that, some of the utils were not command line-compatible with their non-Rust counterparts.
Honestly, I don't understand why these utils were rewritten. They didn't need rewriting.
-
@ChuckMcManis @lcamtuf sometimes that's the only way to learn, but it's also often the most effective way to learn
@darkuncle @ChuckMcManis @lcamtuf Sure, but perhaps don't do your learning in production?
-
https://www.lego.com/en-us/product/death-star-75419 would like a word.
-
@darkuncle @ChuckMcManis @lcamtuf Sure, but perhaps don't do your learning in production?
@sten @ChuckMcManis @lcamtuf sometimes you have to get burned to learn not to touch the stove
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf
Many of those seemingly trivial utilities are surprisingly complex: sort runs in multiple concurrent threads, "cp -a" must build a lookup table to detect hardlinks, and ps parses obscure files in /proc. There's plenty of ways to screw up that a type- and memory-safe language would catch.That said, the list of CVEs in the post is really impressive. Ditching the good old GNU coreutils might have been a tad overhasty.
-
https://www.lego.com/en-us/product/death-star-75419 would like a word.
-
@lcamtuf i do find that the crates dedicated to atomic file handling and temp files, in the interest of providing a uniform platform interface aren't as good as what's reachable in c.
it's not a fault of the rust language per se, but writing a safe interface at that level isn't easy, so it makes sense (and is in some sense a better default) to have high level, platform neutral access here.
@prozacchiwawa @lcamtuf yeah, but coreutils is an interface for shell languages. The shell doesn't care if underlying "util" was written in C or Rust
-
@darkuncle @ChuckMcManis @lcamtuf Sure, but perhaps don't do your learning in production?
@sten @darkuncle @ChuckMcManis @lcamtuf is it really production if it's not on my machine ?
-
@sten @darkuncle @ChuckMcManis @lcamtuf is it really production if it's not on my machine ?
@m33 @sten @darkuncle @ChuckMcManis @lcamtuf
yep, production is for debugging -
@lcamtuf Not only that, some of the utils were not command line-compatible with their non-Rust counterparts.
Honestly, I don't understand why these utils were rewritten. They didn't need rewriting.
-
@sten @darkuncle @ChuckMcManis @lcamtuf is it really production if it's not on my machine ?
@m33
I discovered at Google a tremendous laziness and lack of rigor because "well if it doesn't work or has problems we can roll it back." I came to think of it as The Google Principle and it can be more easily written as:The amount of care and thought that goes into a software change is proportional to the perceived difficulty of pushing that change into production.
-
@lcamtuf Not only that, some of the utils were not command line-compatible with their non-Rust counterparts.
Honestly, I don't understand why these utils were rewritten. They didn't need rewriting.
-
@lcamtuf a related observation would probably be: why did important, security-critical edge cases get handled without enough documentation to prevent them from reoccurring?
-
@lcamtuf There's also that human habit of getting complacent about all bugs when _some_ types of bugs are either impossible or very very hard to make because of language structure and tooling.
