The Case for Memory Safe Roadmaps

309 点作者 AndrewDucker超过 1 年前

27 条评论

In the world of graphics programming, you've got:- continuing accumulation of documentation and utility libraries from Khronos- excellent learning materials from the community- tons of legacy codeall using C++.<a href="https://github.com/KhronosGroup/Vulkan-Utility-Libraries">https://github.com/KhronosGroup/Vulkan-Utility-Libraries</a><a href="https://github.com/cg-tuwien/VulkanLaunchpad">https://github.com/cg-tuwien/VulkanLaunchpad</a><a href="https://cescg.org/our-services/an-introduction-to-vulkan/" rel="nofollow noreferrer">https://cescg.org/our-services/an-introduction-to-vulkan/</a>Until I see professionals get funding to build, maintain, document, and create training materials for Rust bindings, I'm going to continue to assume there will not be movement in that sector. I don't think industry is going to throw away the C++ ecosystem and build greenfield projects on a foundation of hobby projects.

评论 #38616729 未加载

评论 #38622233 未加载

评论 #38617604 未加载

评论 #38618736 未加载

评论 #38614807 未加载

wodow超过 1 年前

Their "Appendix: Memory Safe Languages" lists:C#, Go, Java, Python, Rust & Swift

评论 #38612402 未加载

评论 #38612772 未加载

评论 #38612325 未加载

评论 #38612518 未加载

评论 #38612411 未加载

评论 #38612492 未加载

评论 #38614203 未加载

评论 #38612856 未加载

评论 #38612324 未加载

评论 #38612833 未加载

评论 #38612839 未加载

lambdaone超过 1 年前

"Undefined behavior" in general is a nightmare. After memory safety, the next target should be the enforcement of underflow/overflow trapping. With the exception of the intentional use to implement modular arithmetic, underflow/overflow should always be an error condition.

评论 #38612755 未加载

评论 #38613421 未加载

评论 #38612716 未加载

评论 #38613756 未加载

评论 #38614468 未加载

评论 #38612970 未加载

评论 #38613055 未加载

ianlevesque超过 1 年前

Encouraging. I hope the increasing drumbeat of awareness and advocacy around this reaches a critical mass soon. I'm not naive enough to think it will solve all security problems, but it will reduce the attack surface so, so much.

evrimoztamur超过 1 年前

Confused about Python in particular considering a lot of powerful and common dependencies in the ecosystem starting out from numpy and friends all have C/++ components to them for performance improvements. Surely this is a vector to be considered?

评论 #38612851 未加载

评论 #38612891 未加载

userbinator超过 1 年前

I'm cynically thinking "because they can now target the runtimes instead, and get far more value from their exploits".

评论 #38614970 未加载

champagnepapi超过 1 年前

But how are we going to trade stocks in nano seconds without C++?!

评论 #38612507 未加载

评论 #38612881 未加载

评论 #38612724 未加载

评论 #38612478 未加载

评论 #38612709 未加载

评论 #38612889 未加载

评论 #38612576 未加载

ryao超过 1 年前

It is a shame that there is no open source equivalent to tools like Astree:<a href="https://www.absint.com/astree/index.htm" rel="nofollow noreferrer">https://www.absint.com/astree/index.htm</a>In theory, it is possible to write completely memory safe code in C/C++ using it. As long as its analysis generates no complaints, there are no memory safety issues in the analyzed code.

评论 #38624170 未加载

评论 #38616558 未加载

hospitalJail超过 1 年前

At least my usecase has C completely disconnected from the internet.I have no idea how this is going to work at the OS level.

评论 #38612333 未加载

评论 #38612228 未加载

评论 #38612487 未加载

评论 #38612527 未加载

评论 #38612197 未加载

DeathArrow超过 1 年前

Isn't C++ with RAII reasonably safe? I tried to learn/like Rust but it's against how I use to think.If no friendlier safe high speed programming language appears, I rather use C/C++ and trade safety for friendliness.

评论 #38612843 未加载

评论 #38612791 未加载

评论 #38613124 未加载

评论 #38613277 未加载

评论 #38613834 未加载

ksec超过 1 年前

Access DeniedYou don't have permission to access "<a href="http://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3608324/us-and-international-partners-issue-recommendations-to-secure-software-products/" rel="nofollow noreferrer">http://www.nsa.gov/Press-Room/Press-Releases-Statements/Pres...</a>" on this server.Judging from the 409 comments right now it seems I am the only one have this problem?

gosub100超过 1 年前

Can someone explain why we can't double-down on C++ and, through compiler wizardry and reduction in toolset (say, strings can only be fixed-size at 32 chars, 64, or 256 long. No raw pointers, allocator zeroes out all freed memory), achieve a memory-safe language?Obviously, making certain concessions would be a deal-breaker for some, but it might be viable for legacy codebases. If you were to try to make C++ memory-safe, where does it begin to break down?

评论 #38613720 未加载

评论 #38613094 未加载

评论 #38613385 未加载

评论 #38613246 未加载

评论 #38613348 未加载

评论 #38613553 未加载

jaisjdkaaaej超过 1 年前

I'm not moving languages over memory safety and I'm not going to apologize for it either. I don't particularly like Rust and its not fit to replace C. If it replaces C++ I could care less and may even be somewhat supportive.

ram_rar超过 1 年前

Can someone with a security background enlighten me, on why Python is on the list of "memory safe" languages? Most of the python code I have worked with is a thin wrapper on C. Wouldnt that make python vulnerable as well?

评论 #38616736 未加载

1970-01-01超过 1 年前

Fully agree. The best time to stop giving the next generation of coders the gift of unsafe memory is today. C and C++ should be known as 'legacy' languages.

评论 #38613678 未加载

rwmj超过 1 年前

Given the vast amount of C/C++ around, much which will never be rewritten, I wonder if bounds checking compilers should be considered?

评论 #38613063 未加载

评论 #38622405 未加载

评论 #38614231 未加载

mikewarot超过 1 年前

More misdirection away from capability based security. 8(I was hopeful we'd be transitioning by now.... it's at least another decade out.

ahmedfromtunis超过 1 年前

How about a new drop-in replacement language for c/c++?I'm in no way an expert in any aspect that relates to this problem, but it's reasonable to believe that it would be but a mildly challenging task if companies like Google, meta, Microsoft and the likes joined forces.A year of concentrated efforts might be sufficient to rid us with this problem once and for all. Billions of lines of codes would gain (some) safety instantly.

评论 #38614188 未加载

评论 #38614403 未加载

评论 #38615742 未加载

Coder1996超过 1 年前

I've never thought of security being a reason to use memory-safe languages, but I agree.

lolive超过 1 年前

The truth about [Unix and] the C language:<a href="https://www-users.york.ac.uk/~ss44/joke/c.htm" rel="nofollow noreferrer">https://www-users.york.ac.uk/~ss44/joke/c.htm</a>#joke #hilarious

phkahler超过 1 年前

What is their stance on using C++ with sanitizers? Anyone know?

评论 #38614949 未加载

asylteltine超过 1 年前

Ah, they must have found an exploit in Rust then

评论 #38614069 未加载

评论 #38613549 未加载

jmclnx超过 1 年前

I advise training programmers instead of throwing them in front of a screen without any training. Companies these days provides no training at all. When I was hired over 40 years ago, I spent plenty of time being trained for my first 3 months.Now, nothing, and you if you want to train a new person, you do it on your own time.

评论 #38613093 未加载

评论 #38612698 未加载

评论 #38612697 未加载

评论 #38613074 未加载

评论 #38612991 未加载

评论 #38612932 未加载

评论 #38613007 未加载

评论 #38612661 未加载

评论 #38614242 未加载

评论 #38616085 未加载

评论 #38613016 未加载

评论 #38613382 未加载

评论 #38613042 未加载

评论 #38612659 未加载

评论 #38612690 未加载

评论 #38613768 未加载

评论 #38614344 未加载

评论 #38613026 未加载

评论 #38613122 未加载

0x142857超过 1 年前

welcome to javascript

Woshiwuja超过 1 年前

Lets go back to C guys

guh超过 1 年前

Thanks but still sticking to C++...

pier25超过 1 年前

Correct me if I'm wrong... But don't these types of memory attacks require local access to the machine?

评论 #38612771 未加载

评论 #38613458 未加载

评论 #38612702 未加载