Severe Flaws Found In Libarchive Open Source Library

Reader itwbennett writes: Researchers from Cisco Systems' Talos group have found three memory corruption errors in the widely used open-source library libarchive that can result in arbitrary code execution and can be exploited by passing specially crafted files to applications that contain the vulnerable code. "The library is used by file and package managers included in many Linux and BSD systems, as well as by components and tools in OS X and Chrome OS," writes Lucian Constantin. "Developers can also include the library's code in their own projects, so it's hard to know how many other applications or firmware packages contain it." (Original blog post) So, while the libarchive maintainers have released patches for the flaws, it will likely take a long time for them to trickle down through all the affected projects.

Goddammit, people! We need to use Rust NOW!

For crying out loud! How long must this continue? We need to start using the Rust programming language and we need to start using it now! If you don't know what Rust is, let me inform you. The Rust web site describes it as "a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety." It has "guaranteed memory safety" and it has "threads without data races" and you get all of this with "zero-cost abstractions"! Rust doesn't just make programming safe. Thanks to its code of conduct the Rust community is a safe space free of intolerance and prejudice, too.

Essentially, Rust is what C and C++ should have been all along. This submission shows that we badly need what Rust offers. We need the safety of Rust, and we need it now! I don't think we really have any choice. We need to start using Rust for everything! It's the only way we can be sure that the software we're writing is safe and secure.

Re:Goddammit, people! We need to use Rust NOW!

Nice troll.

It's a bitch when the universe keeps handing your opponents more ammo.

Re:Goddammit, people! We need to use Rust NOW!

[Pseudonymous+Powers]

What he said, only substitute "Fortran" for "C and C++" and "C" for "Rust".

Or "C" for "C and C++" and "C++" for "Rust".

Or "$CommandName" for "C and C++" and "$CommandName_safe" for "Rust".

Or "Rust" for "C and C++" and "IronOxide2019" for "Rust".

Repeat as needed.

Re:Goddammit, people! We need to use Rust NOW!

[magarity]

the Rust community is a safe space free of intolerance and prejudice, too

As evidenced by how their shills start off with "Goddammit, people..."

Re:Goddammit, people! We need to use Rust NOW!

[NotInHere]

Its just so funny. Most rust applications as of now only work because they use rust wrappers to native libraries. So even if you wrote your program in rust, if you used this crate, you'd have exactly the same problems as all those c/c++ writers: https://crates.io/crates/libar...

Re:Goddammit, people! We need to use Rust NOW!

You did realize it was sarcastic right?

Re:Goddammit, people! We need to use Rust NOW!

My pickup truck has been using Rust for years

Re:Goddammit, people! We need to use Rust NOW!

[Darinbob]

What's the guarantee say? Perfect safety or your money back?

All magic bullets are essentially myths. You fix some errors more easily but then get lulled into a false sense of security instead of always being on guard.

Re:Goddammit, people! We need to use Rust NOW!

[Darinbob]

Generally it's "please use this new language that has minimal support and is single sourced and apply it to your critical systems now!" It's nice to have new languages, but if we all rushed to the latest one then we'd just be repeating the same mistakes of having a monoculture.

Remember when Java was the perfect language, designed from the ground up to make sure you can't do anything unsafe with it and it runs in a perfect sandbox that won't harm your computer.

Now Rust is a nice language. But it'll take a whole lot more than "goddammit people!" to get projects to switch.

Re:Goddammit, people! We need to use Rust NOW!

[Darinbob]

That's why its linker should be called Duck Tape.

Re:Goddammit, people! We need to use Rust NOW!

[NotInHere]

Rust uses the normal C/C++ linker.

Re:Goddammit, people! We need to use Rust NOW!

For crying out loud! How long must this continue? We need to start using the trump programming language [trump-lang.org] and we need to start using it now! If you don't know what trump is, let me inform you. The trump web site describes it as "a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety." It has "guaranteed memory safety" and it has "threads without data races" and you get all of this with "zero-cost abstractions"! trump doesn't just make programming safe. Thanks to its code of conduct [trump-lang.org] the trump community is a safe space free of intolerance and prejudice, too.

Essentially, trump is what C and C++ should have been all along. This submission shows that we badly need what trump offers. We need the safety of trump, and we need it now! I don't think we really have any choice. We need to start using trump for everything! It's the only way we can be sure that the software we're writing is safe and secure.

Re:Goddammit, people! We need to use Rust NOW!

What's the guarantee say? Perfect safety or your money back?

Of course not. OP is indeed a funny kind of troll, who wants to make something (Rust) unpalatable by seemingly advertising its qualities, but also using a deliberately obnoxious tone and trying to push people's buttons (what else is the completely irrelevant CoC mention for?)

Now, about Rust: it uses an ownership model with an underlying affine type system, combined with adapted region-based memory management which first appeared in the research language Cyclone. That should be enough of a starting point for someone who actually wants to find out more about its theoretical underpinnings. No one except trolls is trying to guarantee "perfect safety", or to claim elimination of all known bugs. What does currently exist is an environment which goes a long way towards eliminating several classes of memory-unsafety bugs under circumstances which hold in a large number of cases, and doing so without compromising raw performance (that's what the "zero-cost abstractions" part is about.)

All magic bullets are essentially myths. You fix some errors more easily but then get lulled into a false sense of security instead of always being on guard.

Rust is not a magic bullet. Just a system programming language which is very pleasant to develop in once you overcome the initial, and admittedly steep, learning hurdle.

Re:Goddammit, people! We need to use Rust NOW!

For the most part it is not the languages that create security issues it is those who are using it. The more a language becomes tightly regimented and restrictive all in the name of security it eventually reduces it's extensibility and programmers start looking for workarounds and dangerous coding practices in the effort to reach the final outcome. And the outcome is an application that delivers the requested functionality. Every OS has security vulnerabilities that can be exploited by the applications running on the OS. OS programmers are not application programmers and application programmers are definitely not OS programmers. They are two entirely different areas of expertise each requiring there own skillset.

Re:Goddammit, people! We need to use Rust NOW!

[guruevi]

The problem with Rust and Java, even though they are safer they are also a lot slower. If you want something to be successful, you need to be able to take existing code and compile it with all the checks and balances of Rust/Java checked during compilation, not runtime. Testing is useful but not quite broad enough, on the other hand, I don't want to insert or be forced to insert a number of runtime range checks when I'm dealing with realtime code on a closed platform.

Re:Goddammit, people! We need to use Rust NOW!

[Darinbob]

This is why I liked the concept in Eiffel. Basically pepper your code with lots of easy to use pre-condititions and post-conditions and develop that way, but in production you can disable those checks so that you don't have abysmal performance. Of course you need training for this, you can't just plop down any old Java programmer and have them do it right. I see code today where people just toss in asserts left and right for things that could be easily handled, so you end up with customers having regular crashes because some developer didn't think that an unexpected type of packet would show up.

Re:Goddammit, people! We need to use Rust NOW!

No, Rust is not a lot slower. It's not another Java.

Anyway, Java isn't that slow either. For most of the applications in question, Java actually would have been an excellent language to use. (Except that its runtime is too heavyweight to use it in a package manager.)

Re:Goddammit, people! We need to use Rust NOW!

This is just ignorant. C is responsible for a very large number of security exploits. Remote code exploits are pretty much the worst exploits possible, and C and C++ are the only popular languages around that allow them. (Any other language that does, probably does so because it was, sadly, implemented in C or C++.)

Nobody writes more dangerous code in Java than they do in C. It's actually the reverse: C has so many annoying limitations that you work around them by resorting to dangerous habits, whereas doing the right thing would've been easy in Java.

Re:Goddammit, people! We need to use Rust NOW!

[guruevi]

Java isn't slow (although library creep quickly makes big programs slow as molasses) but it's still a magnitude slower than C/C++. In recent benchmarks Rust performs as good (or bad) as Java, Haskell and Go and the programs also compile to much (two times) larger binaries. Although that's "okay" for most desktop software (is it?) to be significantly slower, imagine Google, Apple or Amazon suddenly requiring 10-20% more data centers worldwide or instead of the 64k chip, having to purchase the 128k chip for a few million of embedded devices.

Re:Goddammit, people! We need to use Rust NOW!

Sometimes you need to stop and laugh ;-) too serious !

So, Linux, BSD, OSX, are all vulnerable...

But Windows is safe?

Re:So, Linux, BSD, OSX, are all vulnerable...

libarchive is BSD licensed so it's entirely possible Microsoft (or some other company producing software for Windows) used it for something at some point.

Re:So, Linux, BSD, OSX, are all vulnerable...

[doconnor]

Windows is closed source, so you can't find out.

Re:So, Linux, BSD, OSX, are all vulnerable...

libarchive is widely used, I'm sure there are plenty of Windows programs that have it compiled in, just like the libjpeg and libpng vulnerabilities hit Windows.

Re:So, Linux, BSD, OSX, are all vulnerable...

[exomondo]

Of course you can find out. You can test against this vulnerability and see if you can exploit it on Windows, if you can't then obviously it isn't vulnerable to it.

Fuck all this

I'm going back to DOS 2.11 on my bone stock original IBM XT.
HACK THAT! HA!

Would a Mozilla Rust-only OS have prevented this?

I keep hearing about how safe Mozilla's new Rust lang is.
Let's say we had a whole OS written in Rust.
It is Rust top to bottom.
The boot loader is written in Rust.
The init system is written in Rust.
The kernel is written in Rust.
The libs are written in Rust.
The apps are written in Rust.
Everything about this OS is written in Rust.
Would this OS be invincible to flaws like this?
Why doesn't Mozilla make an OS that is totally written in Rust?

Fad of the day vs D language

[inode_buddha]

What really amazes me is how people seem completely oblivious to D. The D programming language was the logical heir and successor to C, fixing many of its flaws and extending it in relevant ways.

Re:Fad of the day vs D language

What really amazes me is how people seem completely oblivious to D. The D programming language was the logical heir and successor to C, fixing many of its flaws and extending it in relevant ways.

Probably nobody wants to code in the D

Re:Fad of the day vs D language

[BronsCon]

So, what you're saying is you want the D, and you think everyone else should want the D, too?

Re:Fad of the day vs D language

[Darinbob]

It's a nice language too. It seemed to hit a peak popularity though. Mozilla could have used it but I suspect there's a lot of thinking about how to do even better, better implementation, better tuned to their local needs, etc.

Re:Fad of the day vs D language

[phantomfive]

I always thought of D (and also now, Rust) as replacements for C++, not for C. Totally different purposes.

And now D has missed the "type" wave that is the big hype right now.

Re:Fad of the day vs D language

Digital Mars can go fuck themselves. Make it an official open standard or it gets the hose again.

We use languages with standards to avoid nightmares like the ones Oracle invokes over Java.

Re:Fad of the day vs D language

[haruchai]

I wonder if Google Go aka golang is ready for prime time.
I don't know who Robert Griesemer is but Rob Pike & Ken Thompson? If systems programmers had gods.......

Re:Fad of the day vs D language

[phantomfive]

Reports are that Go works great in production. The biggest reason I see that people use Rust instead is that Go is a garbage-collection based language. Also some people are turned off by the lack of inheritance, but those people probably aren't C programmers.

Re:Fad of the day vs D language

[haruchai]

Just how popular is Rust? It's not been around for very long and I'm surprised that it would quickly win out over more established ones like D, Eiffel, Scala, Erlang or Ruby

Re:Fad of the day vs D language

[HiThere]

While there's a certain amount of justice in that position, I'd be more open to it if C++ was less of a cluster-fuck. It works, sort of, but UGLY!!

That said D is putting a lot of effort into developing template level stuff which is NOT where my interest is. I understand that it helps make efficient code that you can specify at compile time, but I'm more interested in efficient code that you can adapt at run time. Objective-C would be reasonable, I think, if development hadn't stopped on anything except Apple. And Apple has a history of dropping languages and leaving them to die. I spent many years with ObjectPascal for the Apple.

So I agree that D needs to have an Open Standards organization set up...but it should probably be controlled by Walter Bright. It already is rather open, with two forks (LDC and GDC: LLVM and gcc based implementations), but there does need to be some sort of standards process. As the Python community put it "What happens if Guido is hit by a bus?". Possibly the same approach would be effective.

Re:Fad of the day vs D language

[HiThere]

D is a truly terrible name to search for on the web. I understand the rationale behind it, but search engines needed more consideration. Asking everyone referring to it to use the phrase "the D programming language" isn't an optimal solution. Even dlang (analogous to golang) would have been better.

Re:Fad of the day vs D language

[phantomfive]

I don't know how popular it is in terms of numbers, but in terms of hype it's the top of the heap.
The Rust team has an organization (Mozilla) behind them helping to drive things forward. I haven't heard of many companies adopting it (except maybe on a side/experimental project by one developer) but people are talking about replacing the entire unix-land with it because it's presumably safer.

Re:Fad of the day vs D language

How dare you fail to mention the one true god: Dennis Ritchie.

Re:Fad of the day vs D language

Rust is not another D. D is garbage collected, so C++ programmers would never consider it a real alternative.

Rust is also much more modern and includes a lot of important lessons about programming languages from recent decades that D ignored.

Re:Fad of the day vs D language

"Go" is just as bad. Maybe worse.

CVE-2016-4300

[Fly+Swatter]

Is not publicly available yet, why is Talos posting a public blog (and howto) for a vulnerability without proper time for the fix to trickle out to major distributions ?

Isn't that a no-no? Especially if you claim to be a 'security specialist' ?

Re:CVE-2016-4300

There is no shortage of CVEs for libarchive. Really.

Re: CVE-2016-4300

Those of us who don't rely solely on distros (especially those of us not using Linux!) to provide security updates shouldn't be artificially held back from fixing our systems sooner.

Re:CVE-2016-4300

It is common for the reserved CVE to not be published until days after the vendor has already provided patches.

Re:CVE-2016-4300

It is typically seen as a no-no unless you are a Google researcher publishing Windows vulnerabilities in an attempt to pump up ChromeOS.

Re:CVE-2016-4300

CVE-2016-4300 Is not publicly available yet

The source code is publicly available, it always has been. This is the whole mantra of open source!

"the libarchive maintainers have released patches"

[volkerdi]

Really? I've not been able to find anything other than a new release. The patches might be in git, but they are not easily found.

Re: "the libarchive maintainers have released patc

Generate the diff yourself using the newest source code and the source code of the release before that. It's not hard to do.

software developers in general do a poor job

"That's because software developers in general do a poor job of tracking vulnerabilities..." he writes, and then cites another article he wrote.
Don't believe what I wrote? Well just look at this other thing I wrote.

Re: "the libarchive maintainers have released patc

But how am I supposed to tell which changes are due to the vulnerability and which are due to the 12 new archive formats that were invented last week? There's just so much new stuff in the world of archives, I'll never figure it out!

Re:"the libarchive maintainers have released patch

[NotInHere]

They are in git, indeed:

CVE-2016-4300: https://github.com/libarchive/...
CVE-2016-4301: https://github.com/libarchive/...
CVE-2016-4302: https://github.com/libarchive/...

append .patch to the url in order to get an apply-able patch.

But better update the whole library, usually there is lots of security related fixing going on when a security researcher takes a look at the code. Also, the git commit log may lie, and in fact some other commits fixed the issue, its just not marked this prominently.

The best policy is always to not copy the whole library into your source tree, but making downloading the library part of the build process. If you have to modify the library some way, its best to upstream those changes, but if you don't want to do it for some reason, or can't do it, then you can create patch files, and apply the patches as part of the build process as well. Updating the library then gets as easy as changing an url and rebuilding + checking that all the patches applied + retesting.

Re:Would a Mozilla Rust-only OS have prevented thi

[Guy+Harris]

It is Rust top to bottom.

It probably wouldn't be very good on mobile machines because, as we know, Rust never sleeps.

Shared libraries

This is one of the whole ****ing points of using shared libraries, that fixes can be put in place once instead of descending into an auditing and update uncertainty nightmare. But it seems with modern projects like docker, snap, flatpak et al we are descending down the idiot hole. Why are modern developers failing to learn well understood lessons? Have we failed to pass on the knowledge or is it being ignored?

Re:Shared libraries

Indeed. We have spent years making this work really quite well, and now we are about to descend into the (other) dependency hell and bloat that plagues Java and its ilk in the guise of "fat JARs". Snap, flatpak, docker et. al. are more of the same.

Re:Shared libraries

[ledow]

Because when your program crashes / errors / doesn't work because someone updated the library that it depends on, it looks like you're the idiot.

Because when your program does that because the library isn't installed, or the dependencies were wrongly specified, or API changed (because the old one was declared unfixable without a change of API because of, say, a security issue?), or whatever reason, you get the blame. Have you seen the vitriol you can get as a developer on, say, Steam, because your program needs a certain DirectX DLL and the user has to run the "official" DirectX installer all over again like they did for hundreds of other games. Or .NET. Or even audio DLL's.

And if you upgrade the library, it can break other programs on the same machine and if you don't upgrade, you can break the expectations of new programs or propagate security flaws.

Sure, it's a lovely idea that we get a perfect static API and shared libraries the same on every machine and architecture, but it's a pipe dream. And when you include certain OS into the mix, shared libraries quickly become a nightmare (e.g. Windows DLL hell such as Cygwin still has, etc.). Or are we supposed to compile against a shared library on Linux and a static on Windows?

In the end, sometimes the only way to do these things without getting 500 users on the first day of software release all complaining about install the Visual C++ DLL's yet again, or not working on a fresh system because it needs all the dependencies installing, etc. is to statically compile. Which, for 99% of programs which aren't security critical (Games? Are you going to open a "malicious" savegame?), is the only sensible way to go.

The problem is that shared libraries have no sense of versioning or backwards compatibility and little auto-resolution of dependencies without someone, somewhere literally writing out a list. And, even then, the list of dependencies sucked in might be far too much just because you include support for, say, OGG, MP3 and whatever where most people only care about MP3 but - bam - "apt-get install" automatically brings in dozens of libraries that aren't necessary, potentially giving you more problems than you started with.

The program is that the developer gets the blame for the distribution, installer, third-parties or even just lack of user common sense when it comes to shared libraries.

Re:Shared libraries

Basically, your post boils down to "I don't understand something, therefore it cannot possibly exist"

Now, I honestly can't tell if you're being serious or just trolling, but for your benefit, in short:

1. Shared libraries have extensive versioning information embedded into them, which is why you can hold a couple of versions of the same library. The real point of versioning is to signal ABI changes, and not marketing as you may assume.

2. If you upgrade a library, you don't crash an existing program due to ABI changes because of 1. versioning, and also because of copy on run semantics.

3. Versioning and dependencies have been a pretty much solved problem for many years now. In fact, we're spoilt for choice with ways to manage this.

4. You don't want to hold a single copy of a library that something you installed depends on, but you'd rather hold multiple copies of the every library for every single thing you've installed? I don't understand why you can't see that this is far worse.

So I'll leave you to your security nightmare, and when you get hacked and your bank account emptied, remember to tell your bank that you were warned but failed to take sensible precautions!

Re:Shared libraries

[CrashNBrn]

I get where Canonical is coming from regarding Snaps as such, but I fail to see why it's not implemented with softlinks.

Install all libraries into "/snaps/lib/<NAME>/<version.X.Y.Z>/" and link to the directory.

Worst-case scenario in that setup, would be at most a single duplication of a given library version - that you already have installed in your system.

Then ALL "snaps" could run a compatibility-check when updating the snaps shared-libraries before linking to the new version, as well as easily fall back to the old-library-version if necessary.

Re: Shared libraries

Give that a few more years development, and you might be on to something. Like what existing packaging systems have been doing for the past couple of decades!

Re:Shared libraries

But security patches aren't necessarily (in fact not very often) backported to older versions of libraries so applications that rely on those older versions suffer the vulnerabilities. Yes libraries should specify an ABI version that applications rely on as well as a patch revision that applications ignore so people know whether bugs/vulnerabilities have been resolved but the applications still work with the updated library but in reality that doesn't happen and you just end up with a bunch of copies of vulnerable shared libraries that applications rely on.

Re: Shared libraries

I can't disagree, this is why you need distros and maintainers. Shared libraries make it far easier to verify, but the work still has to be done somewhere, just nowhere near as many places.

Re:Shared libraries

[HiThere]

Indeed, but shared libraries have their own problems, which have the general name "central point of failure" and include things like the interface being updated in a way incompatible with your application, but also the central repository being hacked, and many other cases. I would hesitate to say that either approach is, in general, better than the other, but each approach avoids many of the problems inherent in the other.

Re: Shared libraries

Interface changing is versioned abi, a known solved problem. Repository being hacked is cryptographically signed packages, a known solved problem. If your source tree is hacked, well then nothing is going to help anyway, but places you in the same update situation again once found. In every case, bundling all libraries with each binary multiplies the potential for vulnerabilities to sneak in a thousandfold.

Re:Shared libraries

[ledow]

1) Yes. They do. And point versions are normally fine. When they are updated. But take OpenSSL as an example - numerous programs broke when they had to change the way the library worked. And if something breaks the ABI, the shared library stops and the program needs a rewrite. This does happen all the time.

2) No, maybe not "crash" in the programmer sense. But it will refuse to load, error out, the function won't be found by dlopen or similar. To the user, that's all pretty much the same thing. Take a Windows game and upgrade the library to a non-compatible version. It just stops working, errors out, or falls over itself into an error handler that only the developer can fix.

3) Nope. You think that. It's just not that simple. Manage a network or similar and see. Windows will bodge it by keeping old copies of DLL's around in a cache for particular programs but still be using them (insecure much?) and they can be a bitch to discover which particular version it's decided to use for a particular program. Linux et al pretty much have a "get the updated library" mentality (which is correct, but just breaks "working" programs from the user point of view). If you really want to prove this to yourself, install multiple copies of Cygwin and then see what happens to your programs that use it.

4) I don't WANT to do any of those things. Nobody does. But the reason those kinds of things occur, the reason that hundreds of games in my library have their own copies of SDL libraries and similar or are statically compiled is not because those people want to. It's because that's how you get things to work for your users with the least amount of hassle.

It's not MY security nightmare. It's OURS until we learn to deal with it differently. Our bodge at the moment is to keep old copies of libraries around silently and not tell anyone (happens even on Linux if the shared library is in use, even if only for a limited period of time until certain applications restart). That's not secure. The alternative is break existing user programs in ways that users cannot fix (Sorry, no, you can't do your banking / gaming / browsing until we release a new version). That's not acceptable either, but it is why many developers of non-security-critical programs choose not to do that.

The solution is not as clear cut as you make out, especially when new versions of libraries do anything more than just add features and put in compatibility layers for older functions. The second you deprecate, you've broken userspace. The second you introduce an element to a structure, you've broken userspace. The second you write a new way of doing things without providing a 100% backwards compatible legacy function emulation, you've broken userspace.

That might be acceptable on a closed system with on-hand developers. It's not out there in the real world, especially where people do business or are charging customers for it.

I'm not saying there's a solution. In fact, I'm saying you're blinkered to think that either way is a real-world viable solution. The problem is that we have no alternative and have to choose between "Program may be insecure" or "Program won't work next week without warning".

Modern devs are Hipsters/Millennials.

The problem is that too many modern devs are Hipsters/Millennials. Their entire culture and mindset revolves around them being sure that they know exactly what's right, even when they're clueless. They apply this philosophy everywhere, all of the time. They take a touchy/feely approach to everything, rather than applying logic, principles, and knowledge. Thanks to them being part of a demographic bulge, they have used their large numbers to quickly overwhelm everybody else.

That's why the software UIs they create are so goddamn awful. Hipsters/Millennials throw out decades of accumulated knowledge about good UI design. They don't bother to ask the users what they want or need. Instead, Hipster/Millennial UI designers make a UI that they think looks pretty, and then they tell the users to shut the fuck up and use it. Firefox and GNOME 3 are superb examples of this.

It's the same for databases. Hipsters/Millennials throw out decades of accumulated knowledge about relational databases and the ACID principles. Instead they store everything in NoSQL databases, which are typically nothing more than hash tables. Then they act surprised when their data becomes inconsistent, assuming it isn't lost completely!

And it's the same for building and deploying software. They've thrown out decades of accumulated knowledge about how to build and deploy software. Hipsters/Millennials are all about magical "package managers" and "containers", and sometimes even "containers" nested within other "containers"! They don't care, or likely don't even realize, that these are bad ways of doing things.

Maybe the next generation of developers who come after the Hipsters/Millennials will have a more modest attitude, and will be willing to learn from the knowledge we have accumulated over time, rather than being like the Hipsters/Millennials who reject knowledge.

Re:Modern devs are Hipsters/Millennials.

oh gees not this shit again. It's not the millennials coming up with retarded "innovations" like systemd, it's the older generation in their late 30s. And of the older generation who were engineers that have now moved into management that thought "release early, release often" was a great strategy, they are now pushing their idiocy on everybody and demanding the release of new shit every couple of weeks.

Good luck

[JThundley]

Good luck updating all your vulnerable software, Windows users!

Re:Good luck

Good luck updating all your vulnerable software, Windows users!

I need to replace most of my software to work with Windows 10 anyways.

Re:Good luck

[HiThere]

Good luck updating all your vulnerable software, whatever your OS. It is quite legal for this code to be embedded within other code, so there's no guarantee that FOSS programs haven't done so...or done so for portions of the code, which would make an update problematical.

Re: Good luck

[buchanmilne]

Except in most distributions, if upstream software is found to ship private copies of libraries, the packager/maintainer will either ensure the software is built against a system version if the software natively supports that or patch it to if it doesn't.

Re: Good luck

[HiThere]

And if they only use a part of it? That's where the real update problem comes in if it's open source.

Re: Good luck

Then it's a separate vulnerability in a separate product.

Re:Good luck

[JThundley]

Why would Free software projects include statically-compiled libraries and not update them?

Re:Would a Mozilla Rust-only OS have prevented thi

[HiThere]

There are classes of bugs that would not show up in Rust programs. But most languages can make the same claim (for different classes of bugs). The only exception I can think of is (non-macro) assembler.

Probably the safest reasonable language is SparkAda, which is a subset of Ada. But it's not really convenient to use it.

And, honestly, a complete language is going to have entire classes of bugs that cannot be detected. This is sort of a corollary to the halting problem.

That said, Rust claims to be immune to classes of bugs that make concurrent execution difficult. I prefer message passing, though.

WHY - 1% CONTROL

The 1% and their thugs want each and every computer to be hackable. Just read what Fiorina and Hillary say.

THAT is why the crap language C is pervasively used. It keeps our computers open for 1% inspection. It facilitates CONTROL of the 99% by the 1%.

God Of Cyber War Domain ?

I guess the correct term would be Curse Of The 99%.

Yeah Mr NSA

"resistance is futile, give us your data"

FUCK THAT !

Dear Bankster Operative

Rot in Hell.

Re:Would a Mozilla Rust-only OS have prevented thi

You probably will see OSes written in Rust soon. Rust isn't really ready yet, it's still changing pretty fast as a language and it lacks some features that you'd want, things that C++ already has. But it's getting there.

Microsoft actually created something like what you describe with their own safe language, it was called Midori. You can read about it on Joe Duffy's blog.

Re: Would a Mozilla Rust-only OS have prevented th

I don't want my computer to rust, that sounds terrible!