
> To be fair `sudo-rs`'s usage of unsafe is all there just to interface with C code (e.g. PAM) so it isn't really sudo-rs that is "less safe"

That's exactly my point.

sudo compiled with Fil-C: uses pam compiled with Fil-C, and all of pam's dependencies are compiled with Fil-C, so the whole thing is memory safe.

sudo-rs: uses pam compiled with Yolo-C, so it's not actually safe. pam is quite big and pulls in other unsafe dependencies.



> sudo-rs: uses pam compiled with Yolo-C, so it's not actually safe

Well it is, it's just that it doesn't magically make PAM safe either.

We're not disagreeing about anything technical, I just think it's slightly unfair to say Rust isn't as safe as Fil-C based on that. It is as safe; it just can't automatically make all C code safer like Fil-C can (and CHERI, etc.).
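As an added example (not code from either commenter, and not sudo-rs's own bindings), here is the shape of the boundary the thread is describing: a safe Rust wrapper whose only `unsafe` block is the call into a C-ABI function. The C side is a constructed stand-in, `fake_strerror`, a hypothetical PAM-style "copy a message into the caller's buffer" call, written in Rust here so the block runs without linking libpam; in a real binding it would be declared in an `extern "C" { ... }` block and supplied by the C library. The wrapper checks everything Rust can check (the pointer and length it hands over, the return code, a NUL terminator inside the buffer it owns, valid UTF-8); whether the callee actually stays within `len` bytes is the C code's promise, which is the part Rust cannot verify and a memory-safe C toolchain would.

```rust
use std::ffi::{c_char, c_int, CStr};

/// Stand-in for a C library function (hypothetical; modelled on a PAM-style
/// "write an error string into my buffer" API). Declared `unsafe extern "C"`
/// so calling it needs `unsafe`, exactly as a function from an `extern` block
/// would. Defined in Rust only so this example is self-contained.
pub unsafe extern "C" fn fake_strerror(code: c_int, buf: *mut c_char, len: usize) -> c_int {
    // Constructed message table standing in for the C library's strings.
    let msg: &[u8] = match code {
        0 => b"success",
        7 => b"authentication failure",
        _ => b"unknown error",
    };
    if buf.is_null() || len < msg.len() + 1 {
        return -1; // buffer absent or too small for message plus NUL
    }
    // SAFETY: the caller promised `buf` points to `len` writable bytes, and we
    // checked above that msg.len() + 1 <= len.
    unsafe {
        std::ptr::copy_nonoverlapping(msg.as_ptr(), buf.cast::<u8>(), msg.len());
        *buf.add(msg.len()) = 0;
    }
    0
}

/// Safe wrapper around the C-ABI call. This is where a binding like the one
/// discussed above concentrates its `unsafe`: the pointer/length pair it passes
/// describes exactly the bytes `buf` owns, so the Rust side of the contract is
/// upheld here. Whether the callee honours `len` is not something Rust checks.
pub fn strerror_into(code: c_int, buf: &mut [u8]) -> Result<String, String> {
    // SAFETY: buf.as_mut_ptr() is valid for writes of buf.len() bytes for the
    // duration of the call; the callee's contract is to write at most that many.
    let rc = unsafe { fake_strerror(code, buf.as_mut_ptr().cast::<c_char>(), buf.len()) };
    if rc != 0 {
        return Err(format!("callee returned {rc}"));
    }
    // Re-derive the string from the buffer we own. from_bytes_until_nul refuses
    // to read past the slice, so a missing terminator is an error, not a read
    // off the end of the array.
    let cstr = CStr::from_bytes_until_nul(buf)
        .map_err(|_| "no NUL terminator within the buffer".to_string())?;
    cstr.to_str()
        .map(|s| s.to_owned())
        .map_err(|e| format!("callee wrote non-UTF-8 data: {e}"))
}

/// Convenience form with a fixed 64-byte buffer, the usual calling shape.
pub fn strerror(code: c_int) -> Result<String, String> {
    let mut buf = [0u8; 64];
    strerror_into(code, &mut buf)
}

fn main() {
    for code in [0, 7, 99] {
        println!("{code}: {:?}", strerror(code));
    }
    // Too small a buffer is rejected by the callee and surfaced as an Err.
    println!("short buffer: {:?}", strerror_into(7, &mut [0u8; 4]));
}
```

The checks after the call are deliberately defensive: a correct C callee makes them redundant, but they cost nothing and they turn a violated contract that Rust can observe (no terminator, bad encoding) into an `Err` rather than a silent misread. A callee that writes past `len` is still undefined behaviour on the C side and nothing in this wrapper prevents it, which is the distinction being drawn in the thread.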



