The coreutils Rust rewrite story is pretty funny.
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf
$ mkfafo --version -
@fogti @ireneista @lcamtuf but why do it at all? I'm usually among the first to advocate beating with blunt objects as punishment for using C in any serious context, but these are some of the most extensively stress-tested pieces of software known to mankind and, as the OT states, not to be expected to be plagued by hideous hidden memory bugs anyway.
-
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf "The original code accounted for decades of hard-learned lessons in that space."
Yeah, that was in a textbook - sorry, forget which one - I read decades ago. Not news.
(The general message as described in that sentence, not this specific case.)
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf The Tiobe index still gives Rust very low percentages: it will take some years to rise as Java did before, or to go where Python is now. Someone ignites faster, some slower, but in the end they all live in the hope to burn C. Which doesn't take fire, and looks at all these fireballs passing.
Or maybe not, and suddenly C will disappear. I bet my five cents it won't happen in my lifetime. In any case, I voluntary plan to be cremated
And to not be listed on Tiobe index! 
-
@Seirdy@pleroma.envs.net @lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space one of the things you notice when you're using MacOS, FreeBSD etc... they parse arguments differently. They don't rely on getopt_long (GNU's getopt shit) and so you end up with situations like
rm -rf ./shitass -v
not running because -v is an unknown file, and it expects the arguments before.@puppygirlhornypost2@transfem.social @Seirdy@pleroma.envs.net @lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space
(dnf, redhat's package manager, doesn't either🫠) -
@q @ireneista @erincandescent @pinskia @lcamtuf we know *for sure* that browsers get involved in "emoji presentation" because we reported a bug in that area
Firefox also has a hack workaround to ignore "Segoe UI Emoji" for country flags, specifically to fix Mastodon (and some other sites of this nature which use a "OS font stack" philosophy)
@q @ireneista @erincandescent @pinskia @lcamtuf
y'know, with how much advanced typography browsers actually do support....we've seen an extremely stale and unimaginative set of UI/UX paradigms that take advantage of basically none of it
-
@q @ireneista @erincandescent @pinskia @lcamtuf
y'know, with how much advanced typography browsers actually do support....we've seen an extremely stale and unimaginative set of UI/UX paradigms that take advantage of basically none of it
@r @q @erincandescent @pinskia @lcamtuf yeah exactly.... it's no longer a generative process, in the social sense. new features no longer fire up public excitement to see what people can make with them.
-
@ChuckMcManis @lcamtuf came to say this, you beat me to it, well done
-
@r @q @erincandescent @pinskia @lcamtuf yeah exactly.... it's no longer a generative process, in the social sense. new features no longer fire up public excitement to see what people can make with them.
@r @q @erincandescent @pinskia @lcamtuf ouch.... we just realized, the last time we saw people excited to be creative with a new browser feature
it was JPEG XL
-
@r @q @erincandescent @pinskia @lcamtuf ouch.... we just realized, the last time we saw people excited to be creative with a new browser feature
it was JPEG XL
@ireneista @q @erincandescent @pinskia @lcamtuf oh, that's way more recent than the last time we were excited: the long painful drawn-out process of rolling out ES6 modules (which apparently "everybody else" gave up on, because bundlers)
-
Deus forbid if they create a functional specification of how the existing utilities work, before converting / rewriting them in a new language
️@simonzerafa
But the question is also where the responsibility lies for the lack of documentation and (much more importantly) unit tests. If the learning curve was so steep when it came to eliminating all race conditions, where are the tests that verified precisely these issues? Of course, it’s clear that the bug-fixing culture at the time didn’t have a “must-have 100% test coverage” requirement. But it’s also not easy to implement these tests now through reverse engineering.I don't think a lack of documentation and testing is necessarily the main obstacle to a new development. In fact, they might even be a reason for it.
However, you shouldn't put such newly developed software into production right away.
@lcamtuf -
@lcamtuf
I learned C++ after Modula-2 and before C.
I learned programming earlier.Learning a programming language isn't learning programming (extracting requirements, specification, design, coding, test etc).
I looked at Rust. C++ certainly has got too complicated since 1987, but I wonder does Rust *only* help with memory safety?
Main memory safety in general relates to using pointers that are invalid, accessing arrays out of bounds and past the end of strings.
Partly bad libraries & design.@raymaccarthy
Main memory safety in general, including threads. So, it's a "little" bit more -
@xerz@soc.masfloss.net @hypha@cafe.mycelium.locahlo.st @star@fed.amazonawaws.com @lcamtuf@infosec.exchange Last I had heard from gccrust is that it couldn’t even be used for bootstrap compiling yet, without enforcing any of the semantics a Rust compiler is expected to.
It’s unclear whether it also now does that as of this progress report or not. If it does then that would be progress indeed.
@lispi314 @xerz @hypha @lcamtuf you don't need borrow checking in well-formed programs. You need borrow checking to ensure a program is safe. the rust compiler is currently the definition of what is well-formed so you don't really have an advantage if you compile the 1.49 sources with or without borrow checking -
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf Of course it didn't, an LLM wouldn't account for that.
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf People keep stepping on that rake.
-
@ChuckMcManis @lcamtuf now why the hell, after all these years, have I not heard of Chesterton’s Fence? Is this what I missed by not learning my trade at a uni? Kinda rhetorical, but I _still_ feel I must’ve missed something other than the debt…
Anyway, thank you. It’s going to provide a nice two-worder when reviewing prs by newbies - and a lot of oldbies and, lest l forget, their sloppy chums.
If it's any comfort, I got my bachelor's degree in CS, yet Chesterton's Fence was never mentioned there. I only learned it later in life due to memes. So don't feel bad about the uni thing
-
@BalooUriza People who hate the GPL and wanted to get rid of it, from what I heard.
It also felt like a fair bit of "this is a known quantity and a fun task to undertake just because I'm learning a new language". Almost like a joke that got taken too far
-
If it's any comfort, I got my bachelor's degree in CS, yet Chesterton's Fence was never mentioned there. I only learned it later in life due to memes. So don't feel bad about the uni thing
@gumnos @Kynx @ChuckMcManis @lcamtuf same. I still have to look it up every time I see it mentioned, and every time I think “oh, right; yeah, obviously”
🥰
️
