upvote

points

by timcobb2 days ago |
comments
upvoteby MallocVoidstar2 days ago|
next
[-]
> Pretty shocking to see the lack of basic thought going into writing what is meant to be critical infrastructure

uutils did not start off as "let's make critical infrastructure in Rust", it started off as "coreutils are small and have tests, so we're rewriting them in Rust for fun". As a result there's needed to be a bunch of cleanup work.

reply
upvoteby timcobb2 days ago|
parent|
[-]
Okay, thanks for the context, but aren't distributions eager to adopt these? Are current GNU coreutils a common vulnerability vector?

> For fun

My idea of fun is reviewing my code and making sure I'm handling errors correctly so that my software doesn't suck. Maybe the people who are doing this, for fun, should be more aligned with that mentality?

reply
upvoteby Pay081 days ago|
parent|
[-]
No, this is only Ubuntu as far as I know because Canonical are idiots.
reply
upvoteby 12_throw_away1 days ago|
prev|
next
[-]
So yeah, their implementation of chmod checked if a path was pointing to the root of the filesystem with 'if file == Path::new("/")'.

How the f** did this sub-amateur slop end up in a big-name linux distribution? We've de-professionalized software engineering to such a degree that people don't even know what baseline competent software looks like anymore

reply
upvoteby antonvs2 days ago|
prev|
[-]
I love Rust, but I wonder if this is an example of the idea that its excellent type system can lull some people into a false sense of security. Particularly when interfacing to low-level code like kernel APIs, which are basically minefields inadvertently designed to trick the unwary, the Rust guarantees are undermined. The extent of this may not be immediately obvious to everyone.
reply
upvoteby timcobb2 days ago|
parent|
[-]
This seems to be the case, yes. Before reading this post I was a lot more open minded about the "rewrite it in Rust" scene but now I'm just kind of in a horrorpit wondering whether I'll be stuck on macOS forever :(.
reply
upvoteby Pay081 days ago|
parent|
next
[-]
I don't think that is the case. I think the people that wrote this are simply bad programmers. Some of these issues are so obvious that if you've been doing any amount of programming, you should be able to anticipate them, whether you're writing C, Rust, or Java.
reply
upvoteby antonvs1 days ago|
parent|
prev|
[-]
Creative but implausible excuse. MacOS is a better OS for consumers than Windows. But if you're a developer or other technical person, nothing stops you from using Linux today.
reply
upvoteby timcobb1 days ago|
parent|
[-]
Right but coming from macOS, how do I know that the Linux distro I pick doesn't have this god-forsaken stuff in it? Before this thread I didn't know Canonical was so... busted. What else do I not know? With macOS, I think I can be sure that this kind of stuff won't be in the core shell commands :).

When I do `man builtin` on macOS now, I get:

``` HISTORY The builtin manual page first appeared in FreeBSD 3.4. ```

which is what I expected, and I don't expect those to be pulled out from under me and replaced with the sort of nonsense we have here today.

reply