The coreutils Rust rewrite story is pretty funny.
-
@ireneista @lcamtuf I think in this case it would've been possible to properly rewrite hem one by one, but the metric appears to be more a quantity-over-quality "lets get this out of the door quickly", i.e. the incentives weren't placed right.
-
@lcamtuf I've heard a lot of funny stories like this in previous years. Like for example a startup trying to rewrite the TCP stack by their own from scratch because they can do it more efficient.
Soon they learned how a real environment, or better said, the real life really is. -
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
isn't a fertile ground for memory safety bugs
Mm. Another write-up, admittedly on a pro-Rust site, collected the recent GNU coreutils CVEs and they do seem to still be having memory safety bugs even after X decades of development. Are these as bad as TOCTOU bugs? Probably not, but I'm not sure "start over from scratch" comes off as poorly with these stats. https://corrode.dev/blog/bugs-rust-wont-catch/#what-rust-did-prevent
-
@ireneista@adhd.irenes.space @lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place Well there's always the ability for clean room implementation, no?
-
@ireneista@adhd.irenes.space @lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place Well there's always the ability for clean room implementation, no?
@lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space I will admit it does sound extremely stupid to cleanroom implement coreutils but at the same time I feel like that could have mitigated some of the issue here.
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf they did a writeup here https://corrode.dev/blog/bugs-rust-wont-catch/#what-rust-did-prevent
to be fair, the original uutils may not be a hotbed of memory safety bugs but the linked section cites a bunch
-
@Doomed_Daniel@mastodon.gamedev.place @lcamtuf@infosec.exchange @ireneista@adhd.irenes.space I think you mistook musl for BusyBox. I did the same thing in my head. (musl is an MIT-licensed C standard library implementation) It appears BusyBox (alternative to gnu coreutils) is also licensed under GPLv2, unfortunately.
-
@david_chisnall @lcamtuf Try to write to C++ ‚cout‘ concurrently. Complete clown fiesta!
using std::cout concurrently does not cause data races (no UB). If youvwant to get output readably together use std::osyncstream wrapper around the global object or any other shared ostream object.
-
@Seirdy@pleroma.envs.net @lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space one of the things you notice when you're using MacOS, FreeBSD etc... they parse arguments differently. They don't rely on getopt_long (GNU's getopt shit) and so you end up with situations like
rm -rf ./shitass -v
not running because -v is an unknown file, and it expects the arguments before. -
@Seirdy@pleroma.envs.net @lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space one of the things you notice when you're using MacOS, FreeBSD etc... they parse arguments differently. They don't rely on getopt_long (GNU's getopt shit) and so you end up with situations like
rm -rf ./shitass -v
not running because -v is an unknown file, and it expects the arguments before.@lcamtuf@infosec.exchange @Seirdy@pleroma.envs.net @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space like it's really kinda fascinating in a way, but also immensely frustrating if you were used to "gnuisms".
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf the only dumb thing I can see is that Canonical decided to switch before a comprehensive external audit had been performed.
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
-
-
@ireneista@adhd.irenes.space @lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place I thought it was entirely independent from gnu coreutils.
-
@lcamtuf@infosec.exchange @Seirdy@pleroma.envs.net @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space like it's really kinda fascinating in a way, but also immensely frustrating if you were used to "gnuisms".
@puppygirlhornypost2@transfem.social @lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place @ireneista@irenes.space ShellCheck my beloved
-
@Seirdy @ireneista @lcamtuf @puppygirlhornypost2
but things like PCRE2 are probably not that critical here, at least if there is some PCRE2-compatible regex implementation for rust that can be used there.
At least looking at that posts about the CVEs, the critical knowledge is what system calls to use in what order with what arguments to avoid race conditions when creating files and such (and setting their permissions)
-
@lcamtuf@infosec.exchange @Seirdy@pleroma.envs.net @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space like it's really kinda fascinating in a way, but also immensely frustrating if you were used to "gnuisms".
@lcamtuf@infosec.exchange @Seirdy@pleroma.envs.net @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space i find it annoying because on GNU coreutil systems i am so used to being able to just append whatever flag i forgot to put in the front and then it's like
nah -
@darkuncle @ChuckMcManis @lcamtuf Sure, but perhaps don't do your learning in production?
@sten @darkuncle @ChuckMcManis @lcamtuf
you expect rare race conditions to occur anywhere but production?
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf Something something reinventing the wheel something.
Jokes aside, I guess that's a very real metaphor... Wheels started off with wood, which of course can break, rip apart at high speeds, etc. We have better treatments and such for wood today than in the olden days, but it still means most of the fundamental issues remain... If you reinvented from scratch, you have to relearn some of that stuff.
-
@Seirdy @ireneista @lcamtuf @puppygirlhornypost2
but things like PCRE2 are probably not that critical here, at least if there is some PCRE2-compatible regex implementation for rust that can be used there.
At least looking at that posts about the CVEs, the critical knowledge is what system calls to use in what order with what arguments to avoid race conditions when creating files and such (and setting their permissions)
@Doomed_Daniel@mastodon.gamedev.place @ireneista@irenes.space @lcamtuf@infosec.exchange @puppygirlhornypost2@transfem.social I’m just saying that slim POSIX implementations that prioritize small size aren’t the best references for a clean-room GNU coreutil rewrite. FreeBSD utils and GNU documentation would be better.
Given the different language, I’m not sure that lightly referencing the GNU source code would even pose a legal risk.
