0x0@programming.dev to Programming@programming.dev · 7 months ago

Critical Rust flaw enables Windows command injection attacks (www.bleepingcomputer.com)

Cross-posted to: security@lemmy.ml, technology@lemmy.world, rust@programming.dev, pulse_of_truth@infosec.pub

Sekoia@lemmy.blahaj.zone · 7 months ago

Also, the reason this is a CVE is because Rust itself guarantees that calling commands doesn’t evaluate shell stuff (but this breaks that guarantee). As far as I know C/C++ makes no such guarantee whatsoever.

Buttons@programming.dev · 7 months ago

Our bug is their status quo.