sudo-rs' first security audit - Ferrous Systems (ferrous-systems.com)

submitted 9 months ago by snaggen@programming.dev to c/rust@programming.dev

4 comments fedilink hide all child comments

top 4 comments

sorted by: hot top controversial new old

[-] BB_C@programming.dev 7 points 9 months ago

Should have told the auditors that stripping symbols is stupid and counterproductive instead of playing along. That segfault a user managed to hit once and only once with their self-built binary, and that useless core file that was left behind, shall hunt you in your dreams forever.

And I love how that commit was merged with the comment "A further reduced binary size! 🎉". Exhibit number #5464565465767 why caring that much about "dependency bloat" and binary sizes always was, and always will be, a result of collective mania in action.

[-] Rustmilian@lemmy.world 10 points 9 months ago

but removing these symbols might make reverse engineering of the binary harder.

That's the dumbest reasoning ever.

[-] Flipper@feddit.de 4 points 9 months ago

Especially because some already reverse engineered everything..

[-] fil@programming.dev 2 points 9 months ago

Conspiracy theory: the workgroup found an RCE vulnerability and assigned it identifier CLN-002 but never disclosed it to public and instead sold it to (CIA|DHL|MiB)

this post was submitted on 06 Nov 2023

38 points (97.5% liked)

Rust

5590 readers

70 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

EdTheLegendary@programming.dev

kahnclusions@programming.dev

torcherist@programming.dev