Conversation

Notices

1. Embed this notice
   daniel:// stenberg:// (bagder@mastodon.social)'s status on Thursday, 12-Dec-2024 18:02:05 JST daniel:// stenberg://

   About 40% of #curl's vulnerabilities could have been avoided had we not used C.

   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 12-Dec-2024 18:02:05 JST 翠星石

     in reply to
     @bagder curl would have been hot garbage if you didn't use C.
     
     For me it's GNU wget of course.
   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Thursday, 12-Dec-2024 19:58:14 JST Rich Felker

     in reply to

     • HAMMER SMASHED FILESYSTEM 🇺🇦

     @lkundrak @bagder https://github.com/kelseyhightower/nocode

   • Embed this notice
     HAMMER SMASHED FILESYSTEM 🇺🇦 (lkundrak@metalhead.club)'s status on Thursday, 12-Dec-2024 19:58:15 JST HAMMER SMASHED FILESYSTEM 🇺🇦

     in reply to

     @bagder 100% could've been avoided had you not been using any language!

   • Embed this notice
     daniel:// stenberg:// (bagder@mastodon.social)'s status on Thursday, 12-Dec-2024 19:58:36 JST daniel:// stenberg://

     in reply to

     • LangerJan

     @LangerJan

     https://curl.se/docs/security.html explains:

     The flaws listed as "C mistakes" are vulnerabilities that we deem are likely to not have happened should we have used a memory-safe language rather than C. The C mistakes are divided into the following areas: OVERFLOW, OVERREAD, DOUBLE_FREE, USE_AFTER_FREE, NULL_MISTAKE and UNINIT.

   • Embed this notice
     LangerJan (langerjan@chaos.social)'s status on Thursday, 12-Dec-2024 19:58:37 JST LangerJan

     in reply to

     @bagder where I can I do further reading on what’s defined as a C mistake?

     Rich Felker repeated this.