logoalt Hacker News

jurschreudertoday at 5:30 PM4 repliesview on HN

Just want to remind everyone that only 1% of vulnerabilities are memory related in the average Joe's code.

And only 20% of memory related bugs are use-after-free which the borrow checker fighting is for.

And 100% of the use-after-free exploits were to gain admin rights on an already hacked Windows (all windows) computer.

So for the vast majority of people the borrow checker adds nothing.

The vast majority of memory safety bugs (extreme pro level, super hard to exploit, only worth it in massively adopted evil outer world facing software) can be fixed by using C++26 with array bounds checking and forced initialisation.

These last two things that Rust forces catch 70-80% of the memory problems the borrow checker only 20-30% only use-after-free.

Most problems by far for normal developers are supply chain attacks, exposing api keys, remote code execution, wrong input validation, wrong auth-flow.

You're reading the CVEs of sudo and ssh and think your code will be hacked like that.

PHP is memory safe and still many people hack wordpress plugins.

Replies

khueytoday at 5:40 PM

> Just want to remind everyone that only 1% of vulnerabilities are memory related in the average Joe's code.

Unless your point is merely that average Joes write such terrible code that you don't even need memory safety issues to exploit their software, [citation needed]

Google says memory safety issues are 75% of exploited zero days. (https://security.googleblog.com/2024/10/safer-with-google-ad...)

show 4 replies
chilljinxtoday at 5:42 PM

I do not believe that I agree, and I am not sure about all of your numbers.

The borrow checker does add something, but it definitely costs something as well in multiple ways, also in terms of how it is done in Rust and at a programming language design perspective.

It would be very funny if you were batting for Rust, and just having a laugh at others here.

jeffbeetoday at 5:44 PM

Hrmm. I don't think there exists a set of compiler flags that will just make an existing C++ (or, worse, a mixed C and C++) project safe to the extent that you suggested. The STL hardening flags don't help for ordinary arrays that aren't accessed via smart pointers, and they don't help code that uses a pointer+offset style of access. As for UAF, nothing in C++ comprehensively prevents you from accessing an invalid stored reference even if you have cranked up the hardening mode to DEBUG. Rust, on the other hand, affirmatively prevents that.

slopinthebagtoday at 5:35 PM

Any sources for these numbers?

show 1 reply