So let's hope that those folks do not declare a „panic“ as „Denial of Service“ as they do right now when we segfault. Look for example here:
https://www.cve.org/CVERecord?id=CVE-2025-32034

That is a CVE because the router becomes too slow. Which is a DoS. The pspp CVEs are also not claiming that there is a security risk:
https://security-tracker.debian.org/tracker/CVE-2025-48188

It is just „Denial of Service“. But I guess it might be easier to gracefully exit the code parsing stage and to continue with Rust.

> On 13.06.2025 at 23:13, Ben Pfaff <b...@cs.stanford.edu> wrote:
>
> On Fri, Jun 13, 2025 at 12:02 PM Friedrich Beckmann
> <friedrich.beckm...@posteo.de> wrote:
> >
> > > On 13.06.2025 at 20:53, Ben Pfaff <b...@cs.stanford.edu> wrote:
> > >
> > > I don't know yet whether it will be possible to wrap the new engine to work
> > > with the existing GUI. If it is, it will take some effort.
> > >
> > > I started by working on a system file reader implementation, which is
> > > almost done. There is also a basic implementation of the output layer, and
> > > a basic implementation of a syntax parser. And several tests. None of it is
> > > really ready and I don't know when it will be, but when it is, it won't
> > > have segfaults.
> >
> > As far as I understood it Rust will catch for example an out of range index
> > access on an array and end up in „panic“. I would consider a „panic“ the same
> > as „DoS“ although it is not a segfault. Do you think you can for example
> > write the parser to always end up in recoverable errors?
>
> Rust programs, like any kind of program, can have bugs. Out-of-range indexes
> and other kinds of panics are just examples of them. The important
> distinction is that a Rust program never[*] risks executing arbitrary code or
> accessing arbitrary data because of malicious or unlucky input. Those are the
> security problems that people automatically generate and submit by the
> truckload, and that security authorities rank as the biggest risks.
>
> [*] With some qualifications; you can write "unsafe" Rust that does this.
> Ordinary "safe" Rust does not.
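The question in the thread (can the parser always end in a recoverable error rather than a panic?) as an added example that is not part of this thread or of the pspp code: an indexing field read that panics on a short record beside a checked one that returns an error, and a parsing-stage boundary that turns any remaining panic into an ordinary error. The record layout, names and sample bytes are assumptions made for the example.

```rust
// Added example, not pspp code. Two ways a Rust parser can react to a record
// that is shorter than expected, plus a boundary that converts a panic in the
// parsing stage into a recoverable error so the rest of the program continues.
use std::panic::{self, AssertUnwindSafe};

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated { wanted: usize, have: usize },
    Panicked,
}

/// Constructed sample input: a record with a 4-byte field, and a short one.
pub const GOOD_RECORD: &[u8] = b"ABCD";
pub const SHORT_RECORD: &[u8] = b"AB";

/// Direct indexing: `rec[..4]` panics when `rec` holds fewer than 4 bytes.
/// Safe Rust stops here with a panic; it never reads past the slice.
pub fn field_panicking(rec: &[u8]) -> &[u8] {
    &rec[..4]
}

/// Checked access: `get(..4)` yields `None` on a short record, which is
/// mapped to an error the caller can report and recover from.
pub fn field_checked(rec: &[u8]) -> Result<&[u8], ParseError> {
    rec.get(..4).ok_or(ParseError::Truncated { wanted: 4, have: rec.len() })
}

/// Boundary of the parsing stage: a panic anywhere inside `f` is caught and
/// reported as `ParseError::Panicked`. This relies on the default
/// `panic = "unwind"` strategy; with `panic = "abort"` the process still dies.
pub fn parse_stage<T>(f: impl FnOnce() -> T) -> Result<T, ParseError> {
    // Suppress the default panic message on stderr while `f` runs.
    let prev = panic::take_hook();
    panic::set_hook(Box::new(|_| {}));
    let result = panic::catch_unwind(AssertUnwindSafe(f)).map_err(|_| ParseError::Panicked);
    panic::set_hook(prev);
    result
}

fn main() {
    println!("{:?}", field_checked(GOOD_RECORD));
    println!("{:?}", field_checked(SHORT_RECORD));
    println!("{:?}", parse_stage(|| field_panicking(SHORT_RECORD).to_vec()));
}
```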