I don't think that they would file a CVE at all if we didn't segfault.

On Sat, Jun 14, 2025 at 6:45 AM Friedrich Beckmann <friedrich.beckm...@posteo.de> wrote:
> So let's hope that those folks do not declare a „panic“ as
> „Denial of Service“ as they do right now when we segfault.
> Look for example here:
>
> https://www.cve.org/CVERecord?id=CVE-2025-32034
>
> That is a CVE because the router becomes too slow. Which is a DoS.
> The PSPP CVEs are also not claiming that there is a security risk:
>
> https://security-tracker.debian.org/tracker/CVE-2025-48188
>
> It is just „Denial of Service“
>
> But I guess it might be easier to gracefully exit the
> code parsing stage and to continue with Rust.
>
>
> On 13.06.2025 at 23:13, Ben Pfaff <b...@cs.stanford.edu> wrote:
> >
> > On Fri, Jun 13, 2025 at 12:02 PM Friedrich Beckmann <friedrich.beckm...@posteo.de> wrote:
> >
> > > On 13.06.2025 at 20:53, Ben Pfaff <b...@cs.stanford.edu> wrote:
> > > >
> > > > I don't know yet whether it will be possible to wrap the new engine to
> > > > work with the existing GUI. If it is, it will take some effort.
> > > >
> > > > I started by working on a system file reader implementation, which is
> > > > almost done. There is also a basic implementation of the output layer, and
> > > > a basic implementation of a syntax parser. And several tests. None of it is
> > > > really ready and I don't know when it will be, but when it is, it won't
> > > > have segfaults.
> > >
> > > As far as I understood it, Rust will catch for example an out-of-range
> > > index access on an array and end up in a „panic“. I would consider a „panic“
> > > the same as „DoS“ although it is not a segfault. Do you think you can, for
> > > example, write the parser to always end up in recoverable errors?
> >
> > Rust programs, like any kind of program, can have bugs. Out-of-range
> > indexes and other kinds of panics are just examples of them. The important
> > distinction is that a Rust program never[*] risks executing arbitrary code
> > or accessing arbitrary data because of malicious or unlucky input. Those
> > are the security problems that people automatically generate and submit by
> > the truckload, and that security authorities rank as the biggest risks.
> >
> > [*] With some qualifications; you can write "unsafe" Rust that does
> > this. Ordinary "safe" Rust does not.
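The panic-versus-recoverable-error question raised in the thread, as an added example that is not code from the thread or from PSPP: the record format is a constructed, hypothetical 2-byte length prefix plus payload (not PSPP's system-file layout), and the function names are assumptions. It contrasts a parser that panics on truncated input with one that returns an error, and shows `catch_unwind` as a way to end only the parsing stage when a residual panic does occur.

```rust
use std::panic;

/// One record in a constructed, hypothetical format (not PSPP's real
/// system-file layout): 2-byte big-endian length, then that many payload bytes.
#[derive(Debug, PartialEq)]
pub struct Record<'a> {
    pub payload: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated { needed: usize, available: usize },
}

/// Naive parser: direct indexing and slicing. On truncated input this panics
/// with an out-of-range index, the "panic counts as DoS" case from the thread.
pub fn parse_panicking(input: &[u8]) -> Record<'_> {
    let len = u16::from_be_bytes([input[0], input[1]]) as usize;
    Record { payload: &input[2..2 + len] }
}

/// Recoverable parser: every slice access is checked, so malformed input
/// becomes an Err the caller can report and skip, never a panic.
pub fn parse_checked(input: &[u8]) -> Result<Record<'_>, ParseError> {
    let header = input
        .get(..2)
        .ok_or(ParseError::Truncated { needed: 2, available: input.len() })?;
    let len = u16::from_be_bytes([header[0], header[1]]) as usize;
    let payload = input
        .get(2..2 + len)
        .ok_or(ParseError::Truncated { needed: 2 + len, available: input.len() })?;
    Ok(Record { payload })
}

/// Last line of defence: run a parsing stage under catch_unwind so a residual
/// panic ends that stage gracefully instead of the whole process. This only
/// works with the default panic=unwind strategy, not with panic=abort.
pub fn parse_stage_guarded(input: &[u8]) -> Result<usize, String> {
    panic::catch_unwind(move || parse_panicking(input).payload.len())
        .map_err(|_| "parsing stage panicked; skipping this record".to_string())
}

fn main() {
    // Constructed inputs: the header of `truncated` promises 4 bytes but only 2 follow.
    let good = [0x00, 0x02, 0xAA, 0xBB];
    let truncated = [0x00, 0x04, 0xAA, 0xBB];
    println!("{:?}", parse_checked(&good));
    println!("{:?}", parse_checked(&truncated));
    println!("{:?}", parse_stage_guarded(&truncated));
}
```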