[–] pcwalton 7y ago ↗ Note that the likelihood of this being an actual security issue is extremely low. Rust just takes memory safety very seriously. [–] carlmr 7y ago ↗ Stuff like this just give me more trust that the rust team is taking the promises of the language very seriously. [–] kam 7y ago ↗ Imagine if there were a CVE number for every API in the C++ standard library that could segfault if blatantly misused.
[–] carlmr 7y ago ↗ Stuff like this just give me more trust that the rust team is taking the promises of the language very seriously.
[–] kam 7y ago ↗ Imagine if there were a CVE number for every API in the C++ standard library that could segfault if blatantly misused.
[–] bennofs 7y ago ↗ This just looks like it allows to bypass safety checks without marking the code as unsafe. But so do most of the bugs listed in https://github.com/rust-lang/rust/labels/I-unsound%20%F0%9F%...? What makes this different that it's a security issue now? [–] pcwalton 7y ago ↗ I can't speak for the team, but I'm guessing that it's considered more severe of an issue because it affects backwards compatibility. [–] raphlinus 7y ago ↗ This sounds right to me. Rust takes its compatibility promise seriously, but reserves the right to break it when there's a security issue. This looks like it's one of those times.
[–] pcwalton 7y ago ↗ I can't speak for the team, but I'm guessing that it's considered more severe of an issue because it affects backwards compatibility. [–] raphlinus 7y ago ↗ This sounds right to me. Rust takes its compatibility promise seriously, but reserves the right to break it when there's a security issue. This looks like it's one of those times.
[–] raphlinus 7y ago ↗ This sounds right to me. Rust takes its compatibility promise seriously, but reserves the right to break it when there's a security issue. This looks like it's one of those times.
6 comments
[ 3.4 ms ] story [ 45.6 ms ] thread