by woodruffw
1090 days ago
On a basic level: programs written in C almost always have memory access patterns that can't be proven safe generally. sudo, in particular, has had a few public bugs over the past few years that directly trigger potentially exploitable memory unsafety[1][2]. Note that not all bugs receive public reports, much less are assigned CVEs. Rust's memory semantics are safe by construction: unless you intentionally write in the part of the language that requires you to explicitly mark things as unsafe, your programs cannot contain the kinds of temporal or spatial memory bugs that can occur in C and C++. Given that, calling this the "memory safe" implementation seems pretty reasonable, in the same way that calling a Java or Python implementation of sudo "memory safe" would also be reasonable.

[1]: https://www.cvedetails.com/cve/CVE-2021-3156/
[2]: https://www.cvedetails.com/cve/CVE-2019-18634/