Critical Rust flaw enables Windows command injection attacks (www.bleepingcomputer.com)

Posted by 0x0@programming.dev to Programming@programming.dev · 7 months ago

Sekoia@lemmy.blahaj.zone · 7 months ago

Also, the reason this is a CVE is because Rust itself guarantees that calling commands doesn’t evaluate shell stuff (but this breaks that guarantee). As far as I know C/C++ makes no such guarantee whatsoever.

Buttons@programming.dev · 7 months ago

Our bug is their status quo.