by asveikau 2618 days ago
OpenBSD has done a few of these daemons over the years, where they reject existing popular implementations to do their own with their own priorities. I started typing a list but really there are too many, big and small. They tend to have the OpenBSD minimalist, security focused, "no bullshit" approach.

It's not very much like systemd.

2 comments

In a way, OpenBSD isn't really written in C. It's written in a special subset of C that uses some different, more secure core functions and where any trade-off for performance instead of security is ruthlessly weeded out when reviewed by the people involved.

I'm of the opinion that using C and C++ for future major work where there aren't good reasons forcing you to is more trouble than it's worth, but I wouldn't mind if it was all done with the care and attention the OpenBSD developers put into their projects.

While I'm generally sold on the OpenBSD strategy of replacing mainstream daemons with stripped down secure versions, I don't think it is at all reasonable to suggest that OpenBSD's library idioms mean it's implemented in something other than C (nor would it be reasonable to say that about Dan Bernstein's software, which goes even further in this direction). It's still C, and it still has memory corruption vulnerabilities.

Sure. I just meant that since they adopt and enforce the usage of secure equivalents to some common functions (e.g. some string utilities), and along with very strictly enforced rules about how code gets accepted, it's about the best we can expect in some situations. Not everyone is willing to consider using something other than C. I think the pragmatic approach is to point to C projects that have been largely successful in their security approach. If it causes them to adopt the onerous requirements for safe C, or to reevaluate their position, I count those both as positive outcomes.

As far as I have seen, every time a project uses C, they end up transforming it into some subset and if you want to contribute, you must learn that C subset. It’s almost like DSLs.

I think that’s expected, and cool, given that C is a general purpose language and very flexible.

It's C with better libraries and coding standards for security. A different dialect might be something like Cyclone, Cilk, MetaC, Frama-C, or ZL that change the language to help them achieve their goals.

unwind uses libunbound, so it's a little different than some of their other greenfield projects. (See my post elsethread.) Like with OpenSSL/libressl they're not reinventing the wheel so much as just inventing a new kind of vehicle to place atop the wheels.