I don't think that they would file a CVE at all if we didn't segfault.

On Sat, Jun 14, 2025 at 6:45 AM Friedrich Beckmann <friedrich.beckm...@posteo.de> wrote:

> So let's hope that those folks do not declare a „panic“ as
> „Denial of Service“ as they do right now when we segfault.
> Look for example here:
>
> https://www.cve.org/CVERecord?id=CVE-2025-32034
>
> That is a CVE because the router becomes too slow. Which is a DoS.
> The pspp cves are also not claiming that there is a security risk:
>
> https://security-tracker.debian.org/tracker/CVE-2025-48188
>
> It is just „Denial of Service“
>
> But I guess it might be easier to gracefully exit the
> code parsing stage and to continue with rust.
>
> > Am 13.06.2025 um 23:13 schrieb Ben Pfaff <b...@cs.stanford.edu>:
> >
> > On Fri, Jun 13, 2025 at 12:02 PM Friedrich Beckmann <friedrich.beckm...@posteo.de> wrote:
> > > Am 13.06.2025 um 20:53 schrieb Ben Pfaff <b...@cs.stanford.edu>:
> > >
> > > I don't know yet whether it will be possible to wrap the new engine to work with the existing GUI. If it is, it will take some effort.
> > >
> > > I started by working on a system file reader implementation, which is almost done. There is also a basic implementation of the output layer, and a basic implementation of a syntax parser. And several tests. None of it is really ready and I don't know when it will be, but when it is, it won't have segfaults.
> >
> > As far as I understood it Rust will catch for example an out of range index access on an array and end up in „panic“. I would consider a „panic“ the same as „DoS“ although it is not a segfault. Do you think you can for example write the parser to always end up in recoverable errors?
> >
> > Rust programs, like any kind of program, can have bugs. Out-of-range indexes and other kinds of panics are just examples of them. The important distinction is that a Rust program never[*] risks executing arbitrary code or accessing arbitrary data because of malicious or unlucky input. Those are the security problems that people automatically generate and submit by the truckload, and that security authorities rank as the biggest risks.
> >
> > [*] With some qualifications; you can write "unsafe" Rust that does this. Ordinary "safe" Rust does not.
>
>
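
The difference discussed in this thread between a Rust panic and a recoverable parse error, shown as an added example that is not part of the original emails or of the PSPP code. The one-byte length-prefixed record layout, the error type and all function names are assumptions made up for illustration.

```rust
use std::panic;

/// Hypothetical record layout (constructed for this example, not the PSPP
/// system file format): 1 length byte followed by that many payload bytes.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Empty,
    Truncated { declared: usize, available: usize },
}

/// Indexing form: an empty input or a length byte larger than the remaining
/// data makes the index expression panic. Memory safe, but the thread stops.
pub fn parse_indexing(input: &[u8]) -> &[u8] {
    let len = input[0] as usize;
    &input[1..1 + len]
}

/// Checked form: every access goes through `first`/`get`, so malformed input
/// becomes an `Err` that the caller can report before carrying on.
pub fn parse_checked(input: &[u8]) -> Result<&[u8], ParseError> {
    let len = *input.first().ok_or(ParseError::Empty)? as usize;
    input.get(1..1 + len).ok_or(ParseError::Truncated {
        declared: len,
        available: input.len() - 1,
    })
}

/// Boundary guard: turns a panic raised by code not written in the checked
/// style into an error value instead of ending the program.
pub fn parse_guarded(input: &[u8]) -> Result<Vec<u8>, String> {
    panic::catch_unwind(|| parse_indexing(input).to_vec())
        .map_err(|_| "parser panicked on malformed input".to_string())
}

fn main() {
    let good = [3u8, b'a', b'b', b'c']; // constructed sample record
    let bad = [200u8, b'a']; // constructed: declares 200 bytes, carries 1
    println!("{:?}", parse_checked(&good));
    println!("{:?}", parse_checked(&bad));
    println!("{:?}", parse_guarded(&bad));
}
```

`catch_unwind` only works when the program is built with the default unwinding panic strategy; with `panic = "abort"` the checked form is the only one that keeps the process alive.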
