Email or username:

Password:

Forgot your password?
Mara

Fun fact: the most recent CVE in the Rust standard library (toctou in remove_dir_all) also applies to C++ standard library implementations. But in C++ it's just considered undefined behaviour and your own fault if any other process touches the file system, so it's not considered an issue.

2 comments
fasterthanlime 🌌

@Mara the eternal tragedy of Rust security advisories, which put the bar so much higher 🥲

Per Vognsen

@fasterthanlime @Mara Hopefully the bar stays high. On r/rust the last few times something like this hit the general tech news, several commenters thought it was a mistake to accept CVEs for issues that wouldn't be CVEs in other languages.

Go Up