From: Adrian Bunk <bunk@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Tom Stellard <tstellar@redhat.com>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Nathan Chancellor <nathan@kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	clang-built-linux <clang-built-linux@googlegroups.com>,
	Fangrui Song <maskray@google.com>,
	Serge Guelton <sguelton@redhat.com>,
	Sylvestre Ledru <sylvestre@mozilla.com>
Subject: Re: Very slow clang kernel config ..
Date: Sun, 2 May 2021 12:31:23 +0300
Message-ID: <20210502093123.GC12293@localhost>
In-Reply-To: <CAHk-=whs8QZf3YnifdLv57+FhBi5_WeNTG1B-suOES=RcUSmQg@mail.gmail.com>

On Sat, May 01, 2021 at 09:32:25AM -0700, Linus Torvalds wrote:
>...
> Yes, it can save on disk use, but unless it's some very core library
> used by a lot of things (ie particularly things like GUI libraries
> like gnome or Qt or similar), the disk savings are often not all that
> big - and disk is cheap. And the memory savings are often actually
> negative (again, unless it's some big library that is typically used
> by lots of different programs at the same time).
>...
> I think people have this incorrect picture that "shared libraries are
> inherently good". They really really aren't. They cause a lot of
> problems, and the advantage really should always be weighed against
> those (big) disadvantages.
>...

Disk and memory usage is not the biggest advantage.

The biggest advantage of shared libraries is that they enable
distributions to provide security fixes.

Distributions try hard to have only one place to patch and one package
to rebuild when a CVE has to be fixed.

It is not feasible to rebuild all users of a library in a
distribution every time a CVE gets published for a library.

Some of the new language ecosystems like Go or Rust do not offer
shared libraries.

At the end of this email are some of the recent CVEs in Rust.

Q:
What happens if you use a program provided by your distribution that is
written in Rust and handles untrusted input in a way that it might be
vulnerable to exploits based on one of these CVEs?

A:
The program has a known vulnerability that will likely stay unfixed.

This is of course not a problem for the rare software like Firefox or
the kernel that have CVEs themselves so regularly that they get rebuilt
all the time.

> Linus

cu
Adrian

CVE-2020-36317 In the standard library in Rust before 1.49.0,
String::retain() function has a panic safety problem. It allows creation
of a non-UTF-8 Rust string when the provided closure panics. This bug
could result in a memory safety violation when other string APIs assume
that UTF-8 encoding is used on the same string.

CVE-2020-36318 In the standard library in Rust before 1.49.0,
VecDeque::make_contiguous has a bug that pops the same element more than
once under certain condition. This bug could result in a use-after-free
or double free.

CVE-2020-36323 In the standard library in Rust before 1.52.0, there is
an optimization for joining strings that can cause uninitialized bytes
to be exposed (or the program to crash) if the borrowed string changes
after its length is checked.

CVE-2021-28875 In the standard library in Rust before 1.50.0,
read_to_end() does not validate the return value from Read in an unsafe
context. This bug could lead to a buffer overflow.

CVE-2021-31162 In the standard library in Rust before 1.53.0, a double
free can occur in the Vec::from_iter function if freeing the element
panics.
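
Added example (not part of the message above and not any distribution's tooling): the "one package to rebuild" argument worked through on a constructed package inventory, comparing how far a fix has to propagate over shared and static links. The package names, the linkage table and the recorded toolchain versions are assumptions; the "fixed in" versions are the ones in the CVE list above.

```python
# Added example: constructed inventory, not any distribution's real data.
from collections import deque

# std release that fixes each CVE, as listed in the message above.
FIXED_IN = {
    "CVE-2020-36317": (1, 49, 0), "CVE-2020-36318": (1, 49, 0),
    "CVE-2020-36323": (1, 52, 0), "CVE-2021-28875": (1, 50, 0),
    "CVE-2021-31162": (1, 53, 0),
}

# Constructed packages: (dependent, dependency) -> how it is linked.
LINKAGE = {
    ("tool-a", "libexample"): "shared",
    ("tool-b", "libexample"): "shared",
    ("crate-parse", "rust-std"): "static",
    ("tool-c", "crate-parse"): "static",
    ("tool-d", "rust-std"): "static",
}
# Constructed record of the toolchain each shipped binary was built with.
BUILT_WITH = {"tool-c": "1.48.0", "tool-d": "1.52.0"}

def open_cves(version):
    """CVEs from FIXED_IN whose fix is newer than the std that was linked in."""
    built = tuple(int(p) for p in version.split("."))
    return sorted(c for c, fixed in FIXED_IN.items() if built < fixed)

def rebuild_set(patched, linkage=LINKAGE):
    """Packages that must be rebuilt so the fix in `patched` reaches users.

    A shared edge stops here: the dependent loads the fixed library at run
    time. A static edge propagates: the dependent carries its own copy, and
    so does everything that statically embeds the dependent.
    """
    todo, seen = deque([patched]), {patched}
    while todo:
        cur = todo.popleft()
        for (user, dep), kind in linkage.items():
            if dep == cur and kind == "static" and user not in seen:
                seen.add(user)
                todo.append(user)
    return sorted(seen)

def stale_binaries(built_with=BUILT_WITH):
    """Shipped binaries still carrying a std with at least one listed CVE."""
    report = {pkg: open_cves(v) for pkg, v in built_with.items()}
    return {pkg: cves for pkg, cves in report.items() if cves}

if __name__ == "__main__":
    print(rebuild_set("libexample"), rebuild_set("rust-std"))
    print(stale_binaries())
```

A hit in stale_binaries() only says the binary embeds an affected std; whether the affected function is reachable from untrusted input still has to be checked per program.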