I’m not writing this to criticize the uutils team. Quite the contrary; I actually want to thank them for sharing the audit results in such detail so that we can all learn from them.
Those are bugs I don’t think any programming language catches, unless it’s a DSL for writing such programs on Linux or another OS.
Some of them seem to be harder to fix or to get right in Rust than C though. Mostly due to “convenience” methods that make application writing easier.
It could be improved. Sebastian Wick and Lennart Poettering made comments on how hard POSIX makes it to be secure. There are better APIs that try to be safer.
And since uutils is not Linux only, it can’t use these safer APIs directly, or at least not without writing more platform-specific code.