upvote

points

by amazingman104 days ago |
comments
upvoteby pjmlp104 days ago|
[-]
We have know better for decades, that is why Multics has a higher security score than UNIX, C flaws versus PL/I are noted on DoD report.
reply
upvoteby MangoToupe104 days ago|
parent|
[-]
It also helps that nobody uses multics, so nobody has bothered to exploit it
reply
upvoteby pjmlp104 days ago|
parent|
[-]
I can give other more recent examples, to prove the blindness of C community to security issues.

From which decade since C came to be, do you wish the example?

reply
upvoteby MangoToupe104 days ago|
parent|
[-]
I'm certainly not defending C. I'm just saying multics is a horrible example.
reply
upvoteby pjmlp104 days ago|
parent|
[-]
It is one out of many since 1958, starting with JOVIAL, how the industry has been aware of the security flaws that C allows for, which WG14 has very little interest in fixing, including turning down Dennis Ritchie proposal for fat pointers in 1990.

Note that C authors were aware of many flaws, hence why in 1979 they designed lint, which C programmers were supposed to use as part of their workflow, and as mentioned above proposed fat pointers.

Also note that C authors eventually moved on, first creating Alef (granted failed experiment), then on Inferno, Limbo, finalising with Go.

Also Rust ideas are based on Cyclone, AT&T Research work on how to replace C.

It was needed the tipping point of amount money spent fixing CVEs, ransomware, for companies and government to start thinking this is no longer tolerable.

reply
upvoteby MangoToupe102 days ago|
parent|
[-]
Rust isn't going to fix security vulnerabilities, either, though.

My point is focusing on the language is inherently missing the point, which is simply incorrect code.

reply
upvoteby mk8999 days ago|
parent|
[-]
You have a whole class of dumb and dangerous bugs completely wiped off, which not even a new/junior untrusted developer can introduce. That's not nothing.

Of course, not checking if a user has permissions to perform an operation is not something Rust or any language will protect you against, but come on it's almost 2026 and we still are talking about use after free...

reply