As a lover of Rust, ooo boy does this sound like a bad idea. The Rust compiler is not guaranteed to always output safe code against malicious inputs given that there’s numerous known soundness bugs that allow exploiting this. Unless I’m missing something this is a security nightmare of an idea.
Also there’s reasons why eBPF programs aren’t allowed to run arbitrarily long and this just ignores that problem too.
Fully agree.
If it has to be native code, it should live in user space, at the very least.
In this comment someone tries to justify its design, citing an LWN article: https://github.com/rex-rs/rex/issues/2#issuecomment-26965339...
That's one aspect of the design. Again, complexity requirements are there for a reason. No explanation seen for why this eschews them.
> This approach avoids the overly restricted verification requirements (e.g., program complexity constraints)
Maybe I'm missing something, but isn't that a bad thing?
Yes, very bad, even worse when coming from a supposedly security-conscious programming language community.
They're not in the core language group... Do these people have influence in the stdlib, compiler, prominent libraries? Kernel community?
Why judge the whole Rust community for the choices made by one minor subgroup?
It’s a common HN trope to generalise a “community” based on a handful of people or even just one person. “See this is why I dislike the xyz community”, says a person justifying their confirmation bias.
It’s so common that it’s not even worth calling out.
I mean, I was going to reply "take a wild guess" to him, but your message is correct, too.
(I may come across as an Ada zealot myself.)
We need a way to run HolyC in the kernel
You can run HolyC in the kernel. Just not the Linux kernel.
These people just won't give up lol... Rust in the kernel is a terrible idea all around.