this post was submitted on 12 Jan 2025
101 points (95.5% liked)

Linux

5605 readers
119 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
101
Linux Foundation endorses Chromium, SteamOS ISO is coming Linux & Open Source news (tilvids.com)
submitted 2 days ago by Sunshine@lemmy.ca to c/linux@programming.dev
29 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] arendjr@programming.dev 3 points 22 hours ago (1 children)

I agree the Linux kernel is just fine. But that’s only because despite the security risks of C, there’s no viable alternative kernel.

But development doesn’t stand still, so either Linux catches up, or gets replaced when a viable alternative arrives. Thankfully Linus sees the problem, so they’re working to make the kernel viable a while longer, but I also agree with the person you replied to that this work could definitely use a bit more help.

[–] possiblylinux127@lemmy.zip -1 points 21 hours ago (1 children)

There are no security risks with C when you write good code. The reason we are seeing a lot of security vulnerabilities is because prior to about 10 years ago security wasn't considered that important.

I'm not saying Rust is bad. (It is generally good) The thing to remember is that Rust also can have security issues. What we need is skilled programmers who understand security.

[–] arendjr@programming.dev 1 points 3 hours ago (1 children)

Sorry, but this mindset is hurting both Linux and security in general.

The reason we are seeing a lot of security vulnerabilities is because prior to about 10 years ago security wasn’t considered that important.

This is frankly quite obviously false. Microsoft started taking security more seriously around the release of Windows 2000. Are you saying the Linux kernel developers took another 15 years to realize security is important?

Security research shows that new code is more prone to common vulnerabilities than old code is. While old code may have been designed with weak (or no) security considerations, those are well-mitigated by now. On the contrary, new code still regularly contains exploitable memory safety issues that slip by review.

What we need is skilled programmers who understand security.

We have skilled programmers who understand security. Those also understand that we need more than that.

Continuing to use C doesn’t merely require skilled programmers, it requires programmers that never make any mistake ever. That’s an infeasible standard for any human to uphold, hence why C is considered a risk.

[–] bargo@mastodon.tn 0 points 2 hours ago

@arendjr @possiblylinux127 eh, in reality, The reason we are seeing a lot of security vulnerabilities is because:
A: it is the most used OS in the world, hackers & pirates.... have 100 reasons to pirate winlol, for example imagine having 1 B$ worth of games on your storage drive, everyone would be killing to even have a sniff
B: it gives the feeling of the thrill of challenge when you decide to tweak, because it is close-sourced so it by default enables a few tweaks, all can be corrected