0x0@programming.dev to Programming@programming.dev · 7 months ago

Critical Rust flaw enables Windows command injection attacks
www.bleepingcomputer.com

cross-posted to: security@lemmy.ml, technology@lemmy.world, rust@programming.dev, pulse_of_truth@infosec.pub

onlinepersona@programming.dev · 7 months ago
At least it’s not a segfault, buffer overflow, or whatever else plagues C/C++ programs and is not easy to detect.
Anti Commercial AI thingy
CC BY-NC-SA 4.0

Sekoia@lemmy.blahaj.zone · 7 months ago
Also, the reason this is a CVE is because Rust itself guarantees that calling commands doesn’t evaluate shell stuff (but this breaks that guarantee). As far as I know C/C++ makes no such guarantee whatsoever.

Buttons@programming.dev · 7 months ago
Our bug is their status quo.