The coreutils Rust rewrite story is pretty funny.
-
@lcamtuf@infosec.exchange @Seirdy@pleroma.envs.net @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space like it's really kinda fascinating in a way, but also immensely frustrating if you were used to "gnuisms".
@puppygirlhornypost2@transfem.social @lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place @ireneista@irenes.space ShellCheck my beloved
-
@Seirdy @ireneista @lcamtuf @puppygirlhornypost2
but things like PCRE2 are probably not that critical here, at least if there is some PCRE2-compatible regex implementation for rust that can be used there.
At least looking at that posts about the CVEs, the critical knowledge is what system calls to use in what order with what arguments to avoid race conditions when creating files and such (and setting their permissions)
-
@lcamtuf@infosec.exchange @Seirdy@pleroma.envs.net @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space like it's really kinda fascinating in a way, but also immensely frustrating if you were used to "gnuisms".
@lcamtuf@infosec.exchange @Seirdy@pleroma.envs.net @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space i find it annoying because on GNU coreutil systems i am so used to being able to just append whatever flag i forgot to put in the front and then it's like
nah -
@darkuncle @ChuckMcManis @lcamtuf Sure, but perhaps don't do your learning in production?
@sten @darkuncle @ChuckMcManis @lcamtuf
you expect rare race conditions to occur anywhere but production?
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf Something something reinventing the wheel something.
Jokes aside, I guess that's a very real metaphor... Wheels started off with wood, which of course can break, rip apart at high speeds, etc. We have better treatments and such for wood today than in the olden days, but it still means most of the fundamental issues remain... If you reinvented from scratch, you have to relearn some of that stuff.
-
@Seirdy @ireneista @lcamtuf @puppygirlhornypost2
but things like PCRE2 are probably not that critical here, at least if there is some PCRE2-compatible regex implementation for rust that can be used there.
At least looking at that posts about the CVEs, the critical knowledge is what system calls to use in what order with what arguments to avoid race conditions when creating files and such (and setting their permissions)
@Doomed_Daniel@mastodon.gamedev.place @ireneista@irenes.space @lcamtuf@infosec.exchange @puppygirlhornypost2@transfem.social I’m just saying that slim POSIX implementations that prioritize small size aren’t the best references for a clean-room GNU coreutil rewrite. FreeBSD utils and GNU documentation would be better.
Given the different language, I’m not sure that lightly referencing the GNU source code would even pose a legal risk.
-
@lcamtuf See this all the time - people storm in trying to change things before trying to understand how the current things work. People who don't learn from what's been done before. Society doesn't progress from efforts like theirs. You only make progress by learning from and building on top of what came before.
One thing that the Rust rewrite of coreutils tried to do was to prove that it was making steady progress by the number of test cases originating from GNU coreutils that it could pass.
I very much suspect that there's a whole host of race condition tests that made it into the test corpus late in the game.
Test-driven rewrite has its limits.
Note the uptick in failures at the very right edge of the graph, they are currently under 90% tests successful.
-
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf Or why crappy abstractions for POSIX APIs are worse. -
@Doomed_Daniel@mastodon.gamedev.place @ireneista@irenes.space @lcamtuf@infosec.exchange @puppygirlhornypost2@transfem.social I’m just saying that slim POSIX implementations that prioritize small size aren’t the best references for a clean-room GNU coreutil rewrite. FreeBSD utils and GNU documentation would be better.
Given the different language, I’m not sure that lightly referencing the GNU source code would even pose a legal risk.
@Seirdy@pleroma.envs.net @lcamtuf@infosec.exchange @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space Also, BSD-Clause and MIT are compatible licenses. IANAL though, so I'm hesitant to discuss how this would actually impact "porting" BSD-Clause code from C to an MIT Licensed Rust codebase
-
@xerz @star @hypha @lcamtuf Switching to dependencies with a single non-replaceable toolchain is also irresponsible.
Core utilities should not rely on something that can believably be slopped into oblivion with no viable replacement (C compilers are a dime a dozen and comparatively much easier to implement, with many functional replacements readily available).
Proper specification of all the core toolchains should be a bare minimum. -
@lcamtuf@infosec.exchange @Seirdy@pleroma.envs.net @Doomed_Daniel@mastodon.gamedev.place @ireneista@adhd.irenes.space i find it annoying because on GNU coreutil systems i am so used to being able to just append whatever flag i forgot to put in the front and then it's like
nah@puppygirlhornypost2 @ireneista People talking about UX are often talking about GUIs but aside from GNU making clean copyleft license versions of the (at the time) proprietary Unix utils, GNU also spent a lot of effort in UX like long options and fewer arbitrary restrictions (which made sense on a PDP but not on the larger systems of the 90's and later) which is how they got to be so popular, before Linux was even created. It's too bad that some of the other systems keep looking back farther for inspiration rather than looking around and forward for what the UX of a Unix should be.
-
@puppygirlhornypost2 @ireneista People talking about UX are often talking about GUIs but aside from GNU making clean copyleft license versions of the (at the time) proprietary Unix utils, GNU also spent a lot of effort in UX like long options and fewer arbitrary restrictions (which made sense on a PDP but not on the larger systems of the 90's and later) which is how they got to be so popular, before Linux was even created. It's too bad that some of the other systems keep looking back farther for inspiration rather than looking around and forward for what the UX of a Unix should be.
@raven667 @puppygirlhornypost2 they did, yeah, you're right. they deserve credit for that work.
they did so in a time when UX wasn't yet a science (or rather, design was a science but had not been made rigorous in the domain of computing), so perhaps it's understandable that they still have a ton of UX problems... but you're right. still way better than earlier attempts.
-
@lcamtuf
I learned C++ after Modula-2 and before C.
I learned programming earlier.Learning a programming language isn't learning programming (extracting requirements, specification, design, coding, test etc).
I looked at Rust. C++ certainly has got too complicated since 1987, but I wonder does Rust *only* help with memory safety?
Main memory safety in general relates to using pointers that are invalid, accessing arrays out of bounds and past the end of strings.
Partly bad libraries & design.@raymaccarthy @lcamtuf Rust seems to in-practice accomplish very little Ada doesn't do better. -
@ChuckMcManis @lcamtuf now why the hell, after all these years, have I not heard of Chesterton’s Fence? Is this what I missed by not learning my trade at a uni? Kinda rhetorical, but I _still_ feel I must’ve missed something other than the debt…
Anyway, thank you. It’s going to provide a nice two-worder when reviewing prs by newbies - and a lot of oldbies and, lest l forget, their sloppy chums.
@Kynx @ChuckMcManis @lcamtuf I don't get the big deal about Chesterton's Fence and think it's probably safe to remove it from our lexicon tbh
-
@xerz @star @hypha @lcamtuf Switching to dependencies with a single non-replaceable toolchain is also irresponsible.
Core utilities should not rely on something that can believably be slopped into oblivion with no viable replacement (C compilers are a dime a dozen and comparatively much easier to implement, with many functional replacements readily available).
Proper specification of all the core toolchains should be a bare minimum.@lispi314 @hypha @star @lcamtuf in fairness GNU has a viable alternative,
gccrsis aiming for Rust 1.49 and is getting quite close https://rust-gcc.github.io/2026/04/13/2026-03-monthly-report.html.....not sure what compiler version
uutilsrequires tho -
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.
@lcamtuf We clearly need a type system capable of expressing TOCTOU-safety.
-
One thing that the Rust rewrite of coreutils tried to do was to prove that it was making steady progress by the number of test cases originating from GNU coreutils that it could pass.
I very much suspect that there's a whole host of race condition tests that made it into the test corpus late in the game.
Test-driven rewrite has its limits.
Note the uptick in failures at the very right edge of the graph, they are currently under 90% tests successful.
-
@lispi314 @hypha @star @lcamtuf in fairness GNU has a viable alternative,
gccrsis aiming for Rust 1.49 and is getting quite close https://rust-gcc.github.io/2026/04/13/2026-03-monthly-report.html.....not sure what compiler version
uutilsrequires tho@xerz@soc.masfloss.net @hypha@cafe.mycelium.locahlo.st @star@fed.amazonawaws.com @lcamtuf@infosec.exchange Last I had heard from gccrust is that it couldn’t even be used for bootstrap compiling yet, without enforcing any of the semantics a Rust compiler is expected to.
It’s unclear whether it also now does that as of this progress report or not. If it does then that would be progress indeed.
-
@r @ireneista @pinskia @lcamtuf any widget toolkit they have is heavily entangled with the HTML renderer, and the advanced typography is stuff like HarfBuzz
-
"Netscape went bankrupt trying to re-write their software from scratch"
It is also why Microsoft Edge went from something written from scratch to be a fork of chromium. The story is the same and even more it is about the similar product. Plus it is a recent example of the whole starting from scratch issues.
@pinskia@hachyderm.io @ireneista@adhd.irenes.space @lcamtuf@infosec.exchange They also just didn’t really have a reason to care about writing their own browser much either. I think their main revenue streams had diverged from that already.
