Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Will Ship Its First Rust Component In Firefox 48 (softpedia.com)

Posted by BeauHD on from the unseasoned-cast-iron dept.

An anonymous reader quotes a report from Softpedia: Mozilla announced today plans to ship its first ever Rust code with the production releases of Firefox. The first ever Rust components will arrive in Firefox 48, scheduled for release on August 2, 2016. After teasing Rust features last year, the Mozilla Foundation announced today that Firefox 48 would contain a new media stack component that's entirely coded in Rust. The first Firefox component to feature Rust code was not chosen at random because media components often execute malicious code when parsing multimedia files. "This makes a memory-safe programming language like Rust a compelling addition to Mozilla's tool-chest for protecting against potentially malicious media content on the Web," says Dave Herman, Director of Strategy at Mozilla Research. During tests of this Rust-based media component in Firefox's unstable builds, Mozilla says that after one billion uses they have yet to see a crash or issue in the Rust media component. Last month, Mozilla released the first versions of Servo, a minimal browser created in Rust code alone. At around the same time, Microsoft open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues.

5 of 167 comments (clear)

  1. Only as safe as the sandbox by Anonymous Coward · · Score: 2, Interesting

    Java isn't supposed to be able to get out of its sandbox without permission, yet it's the source of many vulnerabilities. Why would we trust Rust to be any safer?

    1. Re:Only as safe as the sandbox by Cyberax · · Score: 3, Interesting

      Java bytecode confinement is fairly safe. But the security model for the sandbox was a disaster, basically full of "become root" classes because it relied on poorly thought-out "code access security". Rust's security model is much simpler - it was not designed to contain untrusted code, but to make sure that trusted code is not going to blow up.

    2. Re:Only as safe as the sandbox by gweihir · · Score: 1, Interesting

      On the other hand, whole nasty classes of bugs related to buffer overflows, stack smashing and data races cannot happen, which makes it harder to attack from the outside than C.

      That so only true if the compiler and run-time system do not have bugs. How well that assumption holds up in practice can be seen in other languages. And, because they are "safer", languages with safe memory usually come with less competent coders, which often nicely eliminates any advantage gained.

      My prediction is that Rust will do nothing security-wise as soon as attackers actually start to attack it. Initially, it will of course seem to improve things, because attackers will not invest the time to find out how to deal with a new technology that may not even be around for a longer time.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. Re:rust community by NotInHere · · Score: 4, Interesting

    Nope, in fact its the opposite. Thanks to its ownership model, Rust eliminates most of the ugly access bugs that you might run into if you do multithreading. It puts the information whether something needs to be locked before being accessed, or whether its totally threadsafe into the type system, so that the compiler can verify everything is working as you intended it.

    Of course, its not perfect, but rust is one of the languages you might want to start your multithreaded program in. It doesn't save you from thinking about the problems, but if you got it wrong, it won't compile. There are still bugs, but none that fall into the category C++ would describe as "undefined behaviour" (and those are many times the reasons for the most evil security bugs AND the hardest to debug).

  3. Re:Who but Mozilla? by TangoMargarine · · Score: 1, Interesting

    It's otherwise no better than Firefox, and has not improved significantly since its inception.

    Don't fix what ain't broke. Pale Moon has unfucked the Firefox interface, which is a big improvement in my book.

    It has already broken compatibility with more addons than Firefox did.

    A) They've got a whole library of fixed extension for ones that are broken.
    B) Firefox is jettisoning their entire extension system anyway in the near future so it's not like they'll be any better.

    or it will continue its slow downward spiral into irrelevance

    Are we talking about PM or FF? Have you looked at your user figures recently?

    and once Mozilla (rightly) stops supporting those outdated legacy things

    You mean the things you're ripping PM for not supporting in this very same post?

    It's rather interesting that all these posts are by (presumably the same) Anonymous Coward, too.

    --
    Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF