A shitpost about languages that generate CVEs

  • 0x0
    link
    fedilink
    arrow-up
    23
    arrow-down
    13
    ·
    5 months ago

    The “C is bad trope” is getting way too old. I’m surprised the author didn’t plug Rust.

    the only programming language in the world where these vulnerabilities regularly happen

    Maybe because it’s one of the most widely used languages in the world…

    • BatmanAoD
      link
      fedilink
      arrow-up
      28
      ·
      5 months ago

      The trope will be “old” once the mainstream view is no longer that C-style memory management is “good enough”.

      That said, this particular vulnerability was primarily due to how signals work, which I understand to be kind of unavoidably terrible in any language.

      • 5C5C5C
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        5 months ago

        A better language wouldn’t have any need to use POSIX signals in this way.

        • BatmanAoD
          link
          fedilink
          arrow-up
          9
          ·
          5 months ago

          I’m not totally clear on why signals are used here in the first place. Arguably most C code doesn’t “need” to use signals in complex ways, either.

    • lad
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      5 months ago

      Well, one of the most widely used that allows to do low-level stuff. The most widely used one is by far JavaScript but good luck making an OS or a device driver with it

      • fuzzzerd
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        5 months ago

        I’m sure there are projects covering those areas written in JavaScript.

        • OutsideNo1877
          link
          fedilink
          arrow-up
          6
          ·
          5 months ago

          Just because you can doesn’t mean you should and i hope that is not a thing

        • echindod
          link
          fedilink
          arrow-up
          4
          ·
          5 months ago

          Oh gawd. That would be so horrible! Is there a project o compile JavaScript to bytecode? With like LLVM? There must be, but I haven’t heard of it. I shouldn’t even say anything because I will be better off pretending it doesn’t exist.