Comment on Maestro, a Linux compatible kernel written in Rust.
xantoxis@lemmy.world 1 year agoIf you want a real answer, it’s mostly advocacy, the same reason Linux enthusiasts show up to every negative-sounding Windows thread to tell you to install Linux instead. And if it is less obnoxious, it’s only because there’s fewer Rust enthusiasts.
There are, also, advantages to a Rust implementation that you can claim simply by virtue of something being implemented in Rust, as entire categories of problem that cause C projects to hemorrhage security vulnerabilities simply don’t exist for Rust.
But mostly it’s people wanting you to be excited about and interested in Rust.
IrateAnteater@sh.itjust.works 1 year ago
Is there something inherently safer with how rust does things, or is it just a case of it being new, so the vulnerabilities haven’t been found yet?
hperrin@lemmy.world 1 year ago
Yes. Unless you write code in an
unsafeblock, Rust will perform most aspects of memory allocation and management for you. It is memory safe and thread safe by default.C doesn’t have any of these safety checking features, so it would be equivalent to unsafe Rust, but all the time. It lets you do whatever you want with pointers for example, including making them point outside of the memory bounds. In program code, this will cause an illegal memory access exception, but in kernel code, all memory access is legal. Therefore, you could write a driver that accidentally overwrites the kernel’s own code in memory. That would likely cause a kernel panic and bring the whole system down. Whereas, in Rust, you can only do that within an
unsafecode block.wikibot@lemmy.world [bot] 11 months ago
Here’s the summary for the wikipedia article you mentioned in your comment:
Thread safety is a computer programming concept applicable to multi-threaded code. Thread-safe code only manipulates shared data structures in a manner that ensures that all threads behave properly and fulfill their design specifications without unintended interaction. There are various strategies for making thread-safe data structures.A program may execute code in several threads simultaneously in a shared address space where each of those threads has access to virtually all of the memory of every other thread. Thread safety is a property that allows code to run in multithreaded environments by re-establishing some of the correspondences between the actual flow of control and the text of the program, by means of synchronization.^article^ ^|^ ^about^
magic_lobster_party@kbin.social 1 year ago
Rust has many safeguards against some common errors that may cause security vulnerabilities. It’s by no means bulletproof against all vulnerabilities, but it’s something.
sentient_loom@sh.itjust.works 1 year ago
I only know the hype. But the hype says that Rust’s ownership system makes memory usage much safer by forcing the coder to deal with data. Your values will eventually go out of scope, and you have to dictate when that will happen or else it won’t compile.
…or something like that.
bacon_pdp@lemmy.world 1 year ago
Well rust has a borrow checker which does make some memory bugs harder to create but to say that rust solved any of the known open problems in computer security. The answer is clearly no. It just copied some good ideas from ocaml into C++ and got some good marketing.
borrow checkers also already exist for C/C++/etc [just most people don’t use them]
so, slightly safer defaults than C/C++ but doesn’t contain any new/unique security magic.
nickwitha_k@lemmy.sdf.org 1 year ago
I feel like this is an example of innovation vs invention. Rust did not invent borrow checking. It did, however, make the borrow checker an integral part of the language and compiler. Making memory safety the default behavior is innovative and makes it the path of least resistance.
Memory safety issues are responsible not just for crashes and perf degredation but are a significant attack vector for exploits. Making it harder to land there makes these exploitable conditions less common. The mechanism is not unique but its integral place in the language is.
barsoap@lemm.ee 11 months ago
It kinda really pioneered its particular kind of memory management. There’s some theoretical ancestry involving ML-based research languages with region typing, stuff like this, but those are ultimately quite different. The rest of the type system is basically a cut-down Haskell (Hindley-Milner with qualified types (typeclasses/traits)), with some minor titbits and fiddling.
bacon_pdp@lemmy.world 1 year ago
not exactly, as there are rust compilers like mrust that don’t actually have borrow checkers and virtually none of those safety checks actually occur and there is a question of if the gcc rust compiler would be implementing that feature into the compiler.
So, that would be an attribution failure; as it isn’t required by the language but the most popular rust compiler does include that feature.
But yes, more compilers would likely benefit the languages they support by also adopting that feature by default.
AnUnusualRelic@lemmy.world 11 months ago
But it also has a cool name. You forgot to mention that very important aspect.