lcamtuf :verified: :verified: :verified: (@lcamtuf@infosec.exchange)
The coreutils Rust rewrite story is pretty funny.
Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:
https://seclists.org/oss-sec/2026/q2/332
PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.


I doubt whether the original code even considered race conditions. That would have been left to script developers to figure out.
rust-core-utils is not completely compatible nor does it replace all functionality of core-utils. It’s essentially useless for compilation or configuration scripts before we even discover all the bugs it probably has in it.
Memory safety is useless if the language is such a pig to program that it’s almost impossible to write bug-free code.
Are you saying that coreutil devs have been ignoring race conditions for the past 30 years? Because that would be an odd thing to be wrong about.