zlacker

Thread: "Rust is safe" is not some kind of absolute guarantee of code safety
1. tcfhgj+w4 2022-10-02 14:53:29
>>rvz+(OP)
> Not completing the operation at all, is not really any better than getting the wrong answer, it's only more debuggable.

I wouldn't be so sure about that. Getting the wrong answer can be a serious security problem. Not completing the operation... well, it is not good, but that's it.

2. atty+D5 2022-10-02 15:00:29
>>tcfhgj+w4
The kernel can’t fail to complete its operations, because then the entire system crashes and no logs are created. Instead, you can finish the operation and check the result.
3. chlori+LZ1 2022-10-03 05:26:15
>>atty+D5
The kernel can't panic and display an error message, but corrupting itself and deleting valuable data or allowing people to execute arbitrary code (possibly remotely) is okay?

I really have a hard time understanding how anyone could possibly think that's okay.

It sounds like the kernel's quality is so poor that UB is commonplace and even expected at this point. Pretty scary how many systems are relying on this huge pile of broken C code to hopefully only slightly corrupt itself and your system.

I'm not even sure how useful Rust in the kernel is going to be considering they want it to just ignore errors. You can't even have bounds checking on arrays because invalid accesses might be detected at runtime and cause an error, which is totally insane.
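The three positions in this thread (produce a wrong answer, abort the whole operation, or finish and hand the caller a checkable result) can be shown side by side on a small parser. The following is an added example written for this page, not code from any of the commenters or from the kernel; the header format (one version byte, a two-byte big-endian length, then the payload) and the sample buffers are constructed for illustration. `parse_checked` uses `slice::get`, so an out-of-range access becomes a typed `Err` the caller handles; `parse_panicking` uses plain indexing, which safe Rust still bounds-checks but answers with a panic, the "crash and lose the logs" outcome the second comment objects to.

```rust
use std::panic;

/// Errors a caller can inspect instead of the operation aborting.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// Buffer is shorter than the bytes the header claims.
    Truncated { needed: usize, have: usize },
    BadVersion(u8),
}

/// Constructed header layout (hypothetical, for this example only):
/// byte 0 = version, bytes 1..3 = big-endian payload length, then payload.
#[derive(Debug, PartialEq)]
pub struct Header<'a> {
    pub version: u8,
    pub payload: &'a [u8],
}

/// Fallible parser: every slice access goes through `get`, which yields
/// `None` on an out-of-range index. Nothing is read past the buffer and
/// the caller receives a typed error describing what was missing.
pub fn parse_checked(buf: &[u8]) -> Result<Header<'_>, ParseError> {
    let version = *buf
        .get(0)
        .ok_or(ParseError::Truncated { needed: 1, have: buf.len() })?;
    if version != 1 {
        return Err(ParseError::BadVersion(version));
    }
    let len_bytes = buf
        .get(1..3)
        .ok_or(ParseError::Truncated { needed: 3, have: buf.len() })?;
    let len = u16::from_be_bytes([len_bytes[0], len_bytes[1]]) as usize;
    let payload = buf
        .get(3..3 + len)
        .ok_or(ParseError::Truncated { needed: 3 + len, have: buf.len() })?;
    Ok(Header { version, payload })
}

/// Panicking parser: plain indexing. Safe Rust still refuses to read out of
/// bounds, but it does so by aborting the operation with a panic, which in
/// kernel context means the whole system goes down with it.
pub fn parse_panicking(buf: &[u8]) -> Header<'_> {
    let version = buf[0];
    let len = u16::from_be_bytes([buf[1], buf[2]]) as usize;
    Header { version, payload: &buf[3..3 + len] }
}

/// Runs the panicking parser under `catch_unwind` so both behaviours can be
/// compared in one process; returns false if the parser panicked.
pub fn panicking_parser_survives(buf: &[u8]) -> bool {
    panic::catch_unwind(|| {
        let _ = parse_panicking(buf);
    })
    .is_ok()
}

fn main() {
    // Constructed inputs: a well-formed header and one that claims more
    // payload than the buffer actually carries.
    let good: &[u8] = &[1, 0, 2, 0xAA, 0xBB];
    let short: &[u8] = &[1, 0, 9, 0xAA];
    println!("checked, good input:  {:?}", parse_checked(good));
    println!("checked, short input: {:?}", parse_checked(short));
    println!(
        "panicking parser survives short input: {}",
        panicking_parser_survives(short)
    );
}
```

The `Truncated` error carries how many bytes were needed and how many were present, which is the information a driver would log or use to reject the packet; the panicking variant gives the caller no such chance, and a C version using unchecked pointer arithmetic would silently read past the buffer instead.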
