Security White House urges developers to dump C and C++

[J65nko]

From https://www.infoworld.com/article/37...p-c-and-c.html:

Quote:

Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.

The White House Office of the National Cyber Director (ONCD), in a report released Monday, called on developers to reduce the risk of cyberattacks by using programming languages that don’t have memory safety vulnerabilities. Technology companies “can prevent entire classes of vulnerabilities from entering the digital ecosystem” by adopting memory-safe programming languages, the White House said in a news release.

Memory-safe programming languages are protected from software bugs and vulnerabilities related to memory access, including buffer overflows, out-of-bounds reads, and memory leaks. Recent studies from Microsoft and Google have found that about 70 percent of all security vulnerabilities are caused by memory safety issues.

[Eric]

I think it would be more productive to hold corporations accountable for garbage software. I doubt many developers have a choice in the languages they are using at work.

[J65nko]

https://hackaday.com/2024/02/29/the-...y-red-herring/ is very critical about the White House report. Worth a read!

[blackhole]

Seems like corporate lobbying for Rust - which is backed by "Big Tech". Yet more typical "security theatre" from the likes of Google and MS.

[jmccue]

@blackhole That is my take too. Rust is still in flux and there are many architectures where it does not exist and maybe will never exist.

Quote:

Nevertheless, C retains the basic philosophy that programmers know what they are doing; it only requires that they state their intentions explicitly.

From "The C Programming Language Quotes by Brian W. Kernighan".

If programmers were given time to test and develop, many issues would not exist. Anyone who has ever worked for a large knows the pressure that exists to get things done quickly instead of right. So all these issues I blame on management.

How many times have we heard "ship it now, you can fix later" and "later" never comes.

Rust will never fix policy issues, just newer and maybe worst issues will happen.

[blackhole]

It's a dangerous situation, but most software devs will willingly sleepwalk right into it.

MS tried to do this kind of thing in the past, e.g. with .NET / mono, and this is a similar strategy with an added "leave security to us" selling point. We're seeing a lot of this security mantra lately. It's mostly a sales pitch.

You're right in that it's a corporate culture thing - it's assumed that "memory safe" languagee will replace code audits and speed up development, reducing costs, but also lock developers into a corporate controlled platform.

[shep]

1+ for calling out Corporate culture and greed. Instead of being a fraud target based on crappy coding, in a 737 Max, you're just dead.

[e1-531g]

Last time I checked Rust was open-source. It was also quite independent from GAFAM.
Google probably would like more devs use Dart & Flutter if it was about platform control.

@jmccue even with that software would be created according to some assumptions about usage. And then some person/company will think outside of the box and use that software component for different purpose than originally intended with success, but also uncover some bugs that according to original author are not bugs at all

[blackhole]

Rust may be "open source", but as with projects like systemd, wayland and the Linux kernel, for example, it's controlled and bankrolled by "Big Tech".

https://foundation.rust-lang.org/members/

This has been the case since 2021.

Then there is the trademark - and there was the whole trademark policy revision dispute last year, threats of a fork, etc...

Have a look through this obnoxious diatribe: https://docs.google.com/document/d/1...0mWSOAuok/edit

[jmccue]

Quote:

Originally Posted by blackhole

Rust may be "open source", but as with projects like systemd, wayland and the Linux kernel, for example, it's controlled and bankrolled by "Big Tech".

https://foundation.rust-lang.org/members/

Thinks like this only make me happier the *BSDs exist. But as many for is know, up-streams, mozilla, freedesktop, ... seem to be chasing big corp. dollars. I would not be surprised in a decade or so, that will eventually cause the BSDs a lot of hurt

[blackhole]

One could write a novel about the situation with Mozilla, so I won't get into that here - as many are aware, google has funded their browser project for over a decade - and ensured that chrome almost wiped it out of existence. In that time, Mozilla have spent a fortune paying the CEO and on activism and side projects, while laying off developers.

Rust is also hosted on github - a Microsoft platform, along with many other OSS projects such as systemd (a projected headed by a Microsoft employee).

Servo was cancelled, developers laid off and rust transferred to the "Big Tech" cartel and now Mozilla are talking about "AI"...

In my view a free alternative to the chrome monoculture was sabotaged from the inside and that's why Firefox is still using the gecko engine - and no threat whatsoever to chromium. If we fast forward, the end result is fairly predictable - now that Mozilla have handed their "memory safe" language over to that aforementioned group, abandoned their next generation browser and publicly stated that Firefox is no longer the focus - in time, Firefox will be either be rebased on the chromium project or abandoned (much the same end result). A rebase on chromium would be the best outcome for google as complete abandonment could lead to a fork - and that could still happen regardless. But a chromium that uses the logo, name and trademark would still dupe the majority of casual (mainly) windows users - and mobile users probably wouldn't notice the difference - so any fork would be far less potent and mostly a niche thing. Opera did this years ago, even Micrososft did the same... but for Firefox it would be a disaster.

Freedesktop.org hosts all of the "business friendly" OSS projects such as systemd, wayland, etc and is part of the X.org Foundation which is in turn funded by by "umbrella organisation" SPI, the same as that which manages funding/legal for the Debian Project.

SPI's organisation is difficult to understand. But the basics of it are that it handles all the funding/legal - and if one project gets donations, it goes into a "pool" and then that funding is distributed among the member projects - usually.

Debian in particular got a lot of money from Microsoft from it's debconf events, over the last several years, where Microsoft was a "platinum" donor. This is all related to Microsoft's interests (e.g. Azure and WSL2) and not in the interests of Debian users, or "free software" users and developers in general.

If you examine any given SPI financial statement you can see the funds for the individual projects, such as systemd, postresql, x.org, etc, but it's hard to "follow the money" and see precisely where that money is coming from.

The problem with corporate backing is that once these projects take the money, they're trapped. The money and the paid developers can be withdrawn (or the withdrawal threatened). We're already in the situation (for well over a decade) where corporate backed "open source" projects thrive and dominate, while volunteer based projects die from lack of developer time and donations. In fact the corporate mouthpieces spend significant time and money "talking down" FOSS alternatives, while talking up their own/preferred "open source" projects/products. This has made the "death" of some tried, test and proven software to be a self fulfilling prophecy. The corporates and their stooges put every ounce of weight behind dismissing and pulling apart some tried and tested solution in order to force in their own software, which has been developed entirely from a business perspective and not according to any solid design principles.

[e1-531g]

Ok, so I was wrong about Rust current ownership, my bad. But still, I am not convinced to avoid Rust.

What I am convinced is that C and C++ are quite unsafe. Convinced by data (some may prefer word "history"): CVEs, mailing list vuln announcements etc. Sheer number of critical vulnerabilities were related to manual memory management. So even if I would become convinced to avoid and abandon Rust-based programs, I would still prefer to not go back to C, C++ counterparts for them.

I came by this episode "Unsafe Impedance: Safe Languages and Safe by Design Software" on YT Channel "Elixir, Erlang and the BEAM with Adolfo Neto" Highly recommend, it explains clearly what and what not to expect from safe languages.

[blackhole]

I think it's important not to conflate C and C++.

Neither are "memory safe", so you're quite correct, but that doesn't simply make them "unsafe". It depends on who is writing the code - and if you don't trust those writing the code, then we've got bigger problems. But we have got this far with operating systems such as GNU/Linux, FreeBSD, NetBSD and OpenBSD all written in C.

The people now proclaiming that it's all "unsafe" are those people with a corporate agenda. I will remain sceptical at least until I see operating systems rewritten in these "memory safe" languages rather than just a few applications for token reasons.

Corporations always push their product, create a market for it where one does not exist, by discrediting that which it sets out to replace. This is typical security theatre scaremongering. If they want to force development off a completely open standard, a tried and tested mature language with a plethora of compilers available, many free and open source, not under the control of a corporate cartel and onto a far more restricted set of corporate financed tools, with some very dubious corporate backing, they have to come up with some convincing marketing and FUD. They have the means and the resources to do that.

We all have to choose who to trust. I have used OpenBSD in the past, and I trust them (and Theo) far more than I would trust the Rust Foundation. Who are the latter?

https://foundation.rust-lang.org/members/

Huawei, AWS, google, Meta and Microsoft?

The motives are always much the same. The corporate sponsored projects will jump on this bandwagon, just like those Linux distributions adopting systemd or moving to wayland.

[e1-531g]

Quote:

Originally Posted by blackhole

Neither are "memory safe", so you're quite correct, but that doesn't simply make them "unsafe". It depends on who is writing the code - and if you don't trust those writing the code, then we've got bigger problems. But we have got this far with operating systems such as GNU/Linux, FreeBSD, NetBSD and OpenBSD all written in C.

History shows that every one of those OSes had memory-management security vulnerabilities.

What sets OpenBSD apart was that a lot of memory management bugs were mitigated by a set of their techniques. These techniques required changes to the kernel, compiler, linker etc. I would argue that this shows OpenBSD devs acknowledge there will be bugs. They just engineered ecosystem in which they are not easy to exploit for remote code execution.

[blackhole]

Quote:

Originally Posted by e1-531g

History shows that every one of those OSes had memory-management security vulnerabilities.

Then you'd need to rewrite them from scratch in a memory safe language - along with Windows and macOS/iOS - who do you suppose is going to do this?

Quote:

Originally Posted by e1-531g

What sets OpenBSD apart was that a lot of memory management bugs were mitigated by a set of their techniques. These techniques required changes to the kernel, compiler, linker etc. I would argue that this shows OpenBSD devs acknowledge there will be bugs. They just engineered ecosystem in which they are not easy to exploit for remote code execution.

Whereas moving to Rust for example, would mean rewriting the whole OS.

The OpenBSD project acknowledge that there will be software in ports which they cannot audit and which won't be reliable - and is not developed by the project - many mitigations are based around this idea. The project and project lead in particular have certainly not endorsed Rust at all. And that's quite telling.

[e1-531g]

There is revolutionary path and evolutionary path. Redox OS is an example of revolutionary path while i.e. introduction of Rust to Linux kernel is evolutionary approach.

When it comes to Theo I see that he does not endorsed it but also not denounced language per se. His comment mostly come down to saying: we don't have resources to include that; the cost vs benefit ratio is too big.
Which is fine.

[blackhole]

There are very valid reasons why the major operating systems are written in C and not the latest fad OOP language (performance, compile times, bloat, etc, being just a few). Difficult to get away from that. Of course, long term (e.g. 20 - 30 years from now) some new OS could rise as Linux and the BSDs fade into obscurity. But we're a long way from that. The difficulty with something like Rust is that your OS project could be written in something abandoned, and superseded by another corporate backed project, 10 years down the line. You're as much at the mercy of corporate whims as those coding in mono / .NET.