Just looked through the security assessment on the Rust rewrite of coreutils, and this is why just rewriting everything in the latest language is such a dangerous thing.
-
Just looked through the security assessment on the Rust rewrite of coreutils, and this is why just rewriting everything in the latest language is such a dangerous thing. They literally threw out 20+ years of security fixes because they thought it was cool and would increase security.
At least a security assessment was done, but some of those failures are pretty bad, and very likely to have had serious security implications if they were deployed into any real-world system. Setting mode bits incorrectly, TOCTOU, and arbitrary file overwrites are just terrible.
Would I have likely introduced some of the bugs if I had done the work? Yes. Would I have done the work? No, I'm not that crazy.
I do wonder if they did white box or black box when they copied functionality. I'm suspecting black box because of some of the errors.
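The TOCTOU class the post names, as an added illustration that is not from the assessment, from uutils, or from GNU coreutils: a generic "check the destination, then open it by name" write, next to the form that opens with O_NOFOLLOW and checks the descriptor it actually holds. The attacker's move (swapping the destination for a symlink to a victim file between check and use) is simulated deterministically by a closure, so the race always lands. Linux only; the hard-coded O_NOFOLLOW value, the scratch directory and the file names are assumptions of this example.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{symlink, OpenOptionsExt};
use std::path::{Path, PathBuf};
use std::time::{SystemTime, UNIX_EPOCH};

// O_NOFOLLOW as defined in Linux <fcntl.h>. Hard-coded here (an assumption of
// this example, Linux only) so nothing outside the standard library is needed.
const O_NOFOLLOW: i32 = 0o400000;

/// Naive check-then-use. The symlink check and the open both go through the
/// path name, so anything that rebinds the name between the two calls defeats
/// the check. `race` stands in for the attacker's interleaving.
fn write_racy(dst: &Path, data: &[u8], race: impl FnOnce()) -> io::Result<()> {
    if let Ok(meta) = fs::symlink_metadata(dst) {
        if meta.file_type().is_symlink() {
            return Err(io::Error::new(io::ErrorKind::Other, "dst is a symlink"));
        }
    }
    race(); // window: dst is replaced by a symlink to the victim file
    // File::create follows symlinks, so the write lands in the link target.
    File::create(dst)?.write_all(data)
}

/// Hardened version: no separate check by name. The open itself refuses to
/// follow a symlink (O_NOFOLLOW -> ELOOP), and the type check is done with
/// fstat on the descriptor we hold, which cannot be swapped out from under us.
fn write_safe(dst: &Path, data: &[u8], race: impl FnOnce()) -> io::Result<()> {
    race(); // same interleaving; the attacker still gets to swap the path
    let mut f = OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .custom_flags(O_NOFOLLOW)
        .open(dst)?;
    if !f.metadata()?.file_type().is_file() {
        return Err(io::Error::new(io::ErrorKind::Other, "dst is not a regular file"));
    }
    f.write_all(data)
}

/// Fresh scratch directory (constructed for the demo) holding a victim
/// `secret` file and a plain `dst` file that the tool is meant to write to.
fn setup() -> io::Result<(PathBuf, PathBuf, PathBuf)> {
    let nanos = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_nanos();
    let dir = std::env::temp_dir().join(format!("toctou-{}-{}", std::process::id(), nanos));
    fs::create_dir_all(&dir)?;
    let secret = dir.join("secret");
    let dst = dir.join("dst");
    fs::write(&secret, b"original")?;
    fs::write(&dst, b"")?;
    Ok((dir, secret, dst))
}

/// The attacker's move: replace `dst` with a symlink pointing at `secret`.
fn swap_for_symlink(dst: &Path, secret: &Path) {
    fs::remove_file(dst).unwrap();
    symlink(secret, dst).unwrap();
}

/// Runs both variants under the same interleaving and returns
/// (victim contents after the racy write, victim contents after the safe
/// write, whether the safe write was refused).
pub fn run_demo() -> io::Result<(String, String, bool)> {
    let (dir, secret, dst) = setup()?;
    let _ = write_racy(&dst, b"OWNED", || swap_for_symlink(&dst, &secret));
    let after_racy = fs::read_to_string(&secret)?;
    fs::remove_dir_all(&dir)?;

    let (dir, secret, dst) = setup()?;
    let safe_result = write_safe(&dst, b"OWNED", || swap_for_symlink(&dst, &secret));
    let after_safe = fs::read_to_string(&secret)?;
    fs::remove_dir_all(&dir)?;
    Ok((after_racy, after_safe, safe_result.is_err()))
}

fn main() -> io::Result<()> {
    let (racy, safe, refused) = run_demo()?;
    println!("racy:  victim file now holds {:?}", racy);
    println!("safe:  victim file now holds {:?}, write refused = {}", safe, refused);
    Ok(())
}
```

The point of the hardened form is that there is no check to race against: the only check happens on the file descriptor after the open, and the open itself carries the policy. The same shape (open first, then fstat / fchmod / fchown on the descriptor, never a second stat or chmod by path) is how the mode-bit and overwrite bugs in this family are avoided as well.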
-
@encthenet I recently bought two books by Shigeo Shingō, from the mid-1980s. One of them (Zero Quality Control: Source Inspection and the Poka-Yoke System) consists for a large part of single-page forms explaining factory workers' mistakes causing faulty products, countermeasures taken, the costs involved, and the estimated savings of not shipping faulty products.
As I browsed through them, I had a similar realisation: this history isn't just to show off how valuable quality control is, or how to approach quality control work, but it is capital. It is know-how that comes with the design of the product. Some of those fixes were as small as "make a little raised lip of metal so that you can't install the switch the wrong way around". But if you'd disassemble the end product and see that bit of metal jut out, you might just think, "huh, that looks useless."
A redesign that doesn't also scrutinise all the mistakes that were made is doomed to repeat them.
-
@encthenet That said, I have yet to see a software project that has such a clear collection of "historical bugs and how we fixed and prevented them" body of knowledge. I doubt coreutils has one.