logoalt Hacker News

bitwizetoday at 3:19 PM4 repliesview on HN

"'Nothing could have prevented this from happening,' say users of only language where this happens" comes to bite OpenBSD.


Replies

amiga386today at 3:48 PM

OpenBSD wouldn't say anything like that. They're well aware of the 40+ year old codebase's limitations, but accept it because they're not so stupid as to "rewrite it in <other language>" which will bring a million bugs.

They've innovated again and again in the security space and aggressively bring in new security features like pf, OpenSSH, W^X enforcement, pledge(), arc4random(), ASLR, so many other things.

Unlike, say, NPM, which can't even replicate existing packaging systems like yum or apt, and has been plagued with security flaws despite being built entirely out of a memory-safe language. Quite an achievement.

show 1 reply
efficaxtoday at 4:02 PM

It's difficult to say if a kernel written in rust would not have similar vulnerabilites, because it would be impossible to build a kernel without significant amounts of `unsafe`.

anonengtoday at 3:37 PM

Tell us you know nothing about kernel programming and trust stacks while you are at it.

show 1 reply
applfanboysbgontoday at 3:32 PM

The OpenBSD project was started in 1995, with ancestry going back further than that. Should they have first invented Rust? Or at what point do you suppose the decades-old codebase should have been completely rewritten?

show 1 reply