Conversation
  1. Wolf480pl (wolf480pl@mstdn.io)'s status on Monday, 04-Mar-2024 21:45:57 JST

    CVSS scores are such bullshit!

    > if you use this Rust library in a clearly wrong way, you will be able to introduce UB into your program without using the `unsafe` keyword
    > also this library is a pain to use

    CVSS 9.8 critical!

    In conversation about a year ago from mstdn.io
    • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 04-Mar-2024 21:45:56 JST

      @wolf480pl yeah for me CVSS ought to be dropped for better metadata like tags, where there you could /dev/null anything about undefined_behavior (let's be honest, it doesn't matter outside of static analysis).

      In conversation about a year ago
    • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 04-Mar-2024 21:56:07 JST
      @wolf480pl Plus like, in practice, if the issue is your *library* getting exploited by code in the application, you've lost by design, there's *no* isolation between ~modules.
      In conversation about a year ago
    • Wolf480pl (wolf480pl@mstdn.io)'s status on Monday, 04-Mar-2024 21:56:08 JST
      in reply to Haelwenn /элвэн/ :triskell:

      @lanodan a sufficiently creative compiler can turn any UB into an RCE, but like... researchers should be required to show a PoC of that RCE

      In conversation about a year ago
    • Wolf480pl (wolf480pl@mstdn.io)'s status on Monday, 04-Mar-2024 22:05:53 JST
      in reply to Glitch

      @glitch it's more of a "language marketed as idiot-proof turns out to not be idiot-proof"

      In conversation about a year ago
      Haelwenn /элвэн/ :triskell: likes this.
    • Glitch (glitch@pl.glitch.pm)'s status on Monday, 04-Mar-2024 22:05:55 JST
      @wolf480pl is this the rust version of "regex DDoS attack in nodejs library"?
      In conversation about a year ago
    • iced depresso (icedquinn@blob.cat)'s status on Sunday, 10-Mar-2024 08:14:24 JST
      @wolf480pl I feel like at some point people are going to learn that rust code on the wire is just as unsafe as C code, given the safeties exist up in the borrow checker and not in the libraries.
      In conversation about a year ago

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.