[-] Mihies@programming.dev 2 points 3 days ago

Memory safety is something the compiler understands and has under control; this stuff it does not, nor should it.

[-] TehPers@beehaw.org 3 points 3 days ago* (last edited 3 days ago)

Many of their TOCTOU issues are something a type system can help with. Require operations to execute on a fd handle directly rather than using convenience functions.

let fd = FileDescriptor::new(path);
fd.delete()?;
fd.create(mode)?;

let is_root = fd == FileDescriptor::new("/"); // does (dev, inode) comparison internally
// etc

The uutils devs would need to create that themselves, but OpenOptions seems to get them part of the way there at least.

[-] BB_C@programming.dev 2 points 3 days ago

That's a question of API, not type system. And FD types (e.g. OwnedFd, BorrowedFd) are already in std.

[-] TehPers@beehaw.org 1 point 3 days ago

That's a question of API, not type system.

It's only enforced because of Rust's strict type system. Python, on the other hand, lets you do whatever you want by comparison, and complains only at runtime. I've seen far too many **kwargs for my liking.

And FD types (e.g. OwnedFd, BorrowedFd) are already in std.

My example would be a thin wrapper around these, most likely. It's only an example of what I'm trying to convey, though.
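The thread above talks about comparing file identity by (dev, inode) and acting on a descriptor rather than on a path. The following is an added, stand-alone example written for this thread; it is not code from any commenter or from uutils. The names FileId, file_id, same_file, is_root, demo and make_tmp_dir are constructed for illustration, and the two scratch files it creates are constructed test data. It uses only std: File::metadata (fstat on the handle) with MetadataExt for the identity check, and an OwnedFd round trip to show that the std handle types BB_C mentions are the same descriptor. The rename step stands in for the check-to-use window and lets you observe that a path reopened after the swap reaches a different inode while the handle opened beforehand does not.

```rust
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::fd::OwnedFd;
use std::os::unix::fs::MetadataExt;
use std::path::{Path, PathBuf};

/// Identity of an open file as (device, inode). Two handles with equal
/// identity refer to the same inode no matter which path reached it.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct FileId {
    pub dev: u64,
    pub ino: u64,
}

/// fstat(2) on the handle itself, never stat(2) on a path string.
pub fn file_id(f: &File) -> io::Result<FileId> {
    let m = f.metadata()?;
    Ok(FileId { dev: m.dev(), ino: m.ino() })
}

pub fn same_file(a: &File, b: &File) -> io::Result<bool> {
    Ok(file_id(a)? == file_id(b)?)
}

/// "Is this handle the filesystem root?" answered by identity comparison
/// against an opened "/", not by comparing path strings.
pub fn is_root(f: &File) -> io::Result<bool> {
    let root = File::open("/")?;
    same_file(f, &root)
}

/// What the demo observes after a path is swapped out from under a checker.
#[derive(Debug)]
pub struct DemoResult {
    pub handle_content: String,  // read through the handle opened before the swap
    pub path_content: String,    // read by re-opening the same path after the swap
    pub path_id_changed: bool,   // re-opening the path reached a different inode
    pub handle_id_stable: bool,  // the original handle still points at its inode
}

/// Creates two constructed files in `dir`, opens one by handle, then renames
/// the other over it (rename(2) replaces atomically on Unix). The rename
/// stands in for the check-to-use window of a path-based sequence.
pub fn demo(dir: &Path) -> io::Result<DemoResult> {
    let a = dir.join("a");
    let b = dir.join("b");
    fs::write(&a, b"A")?;
    fs::write(&b, b"B")?;

    // Check step: open the target and record its identity through the handle.
    let fa = File::open(&a)?;
    let id_at_check = file_id(&fa)?;

    // Round-trip through std's OwnedFd: same descriptor, File only adds I/O methods.
    let owned: OwnedFd = fa.into();
    let fa = File::from(owned);

    // The window: path "a" now names the inode that used to be "b".
    fs::rename(&b, &a)?;

    // Use step, path-based: reopening the path follows the swapped entry.
    let mut via_path = File::open(&a)?;
    let mut path_content = String::new();
    via_path.read_to_string(&mut path_content)?;
    let path_id_changed = file_id(&via_path)? != id_at_check;

    // Use step, handle-based: the descriptor still refers to the original inode.
    let mut handle_content = String::new();
    (&fa).read_to_string(&mut handle_content)?;
    let handle_id_stable = file_id(&fa)? == id_at_check;

    Ok(DemoResult { handle_content, path_content, path_id_changed, handle_id_stable })
}

/// Scratch directory under the system temp dir (constructed; caller removes it).
pub fn make_tmp_dir() -> io::Result<PathBuf> {
    let dir = std::env::temp_dir().join(format!("fd-identity-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    Ok(dir)
}

fn main() -> io::Result<()> {
    let dir = make_tmp_dir()?;
    let r = demo(&dir)?;
    println!("{r:?}");
    println!("scratch dir is root? {}", is_root(&File::open(&dir)?)?);
    fs::remove_dir_all(&dir)
}
```

Run it on a Linux box and the handle opened before the rename still reads "A" and keeps its (dev, inode), while the reopened path reads "B" with a different inode. Note that std does not expose openat/unlinkat, so deleting or creating relative to a directory handle, as in the FileDescriptor sketch above, would still need a libc or rustix binding on top of OwnedFd.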

this post was submitted on 29 Apr 2026
47 points (96.1% liked)