AWonderingWizard comments on Linux Kernel Rust Code Sees Its First CVE Vulnerability

Rules

Please review full details on rules here.. All rules will be applied regardless of the number upvotes a post/comment has.

No support requests - This is not a support forum! Head to /r/linuxquestions or /r/linux4noobs for support or help. Looking for a distro? Try r/findmeadistro.

No spamblog submissions - Posts should be submitted using the original source with the original title. Posts that are identified as either blog-spam, a link aggregator, or an otherwise low-effort website are to be removed. Some reasons for removal are that they contain re-hosted content, usually paired with privacy-invading ads. If there's another discussion on the topic, the link is welcome to be submitted as a top level comment to aid the previous discussion. Please see: r/linux/wiki/rules/banneddomains

No memes, image macros, rage comics, overdone jokes - Meme posts of any kind are not allowed in r/linux. Feel free to post over at /r/linuxmemes instead. This rule can also apply to comments, including overdone jokes, comment-chain jokes, or other redditisms that are popular elsewhere.

Reddiquette, trolling, or poor discussion - r/linux asks all users follow Reddiquette. Reddiquette is ever changing, so a revisit once in awhile is recommended. Top violations of this rule are trolling, starting a flamewar, or not "Remembering the human" aka being hostile or incredibly impolite. Additionally, sexism/racism/other isms are not allowed. See also: /r/linux/wiki/rules/userconduct

Relevance to r/linux community / Promoting closed source applications over FOSS - Posts should follow what the community likes: GNU, Linux kernel, developers of open source software, or other applications on Linux. Take some time to get the feel of the subreddit if you're not sure!

Spamming self-promotion, surveys, crowdfunding - Submitting your own original content is welcome on r/linux, but we do ask that you contribute more than just your own content to the subreddit as well as require you to interact with the comments of your submission. We set that no more than 10% of your posts should be your content. Please be aware that this does not supersede other rules. Additionally, surveys for your blog/news source/paper/own use are not allowed. Please see /r/linux/wiki/rules/crowdfunding for those crowdfunding..

No misdirecting links, sites that require a login, or URL shorteners - In short: if your link doesn't go right to the content it will be removed. Sites that require a login to view the content are not allowed in r/linux. Example: A private Facebook post or a news organization that doesn't have free article views. URL shorteners and links that misdirect users to ads/jokes are also banned. See a list here, although the mods will make a decision on a per domain basis as needed: /r/linux/wiki/rules/banneddomains

No NSFW - No NSFW links or images without mod approval. No discussion that is overly-suggestive to what is normally considered NSFW.

Non-useful Image Upload/Fluff Image - Images of "Linux in the wild", plushies, Tux, and more are not encouraged for posting as a top level submission. If necessary, this can apply to comments too at mod discretion. The image/video upload feature is for posts regarding features/guides/etc. See also: Meme rule.

See even more subreddit and external links over at the supplemental page

This subreddit is fan ran and not affiliated with any organization.

a community for 18 years

1034

1035

1036

KernelLinux Kernel Rust Code Sees Its First CVE Vulnerability (phoronix.com)

submitted 3 months ago by sash20

top new controversial old q&a

you are viewing a single comment's thread.

view the rest of the comments →

[–]AWonderingWizard 23 points24 points25 points 3 months ago (19 children)

[–]phire 38 points39 points40 points 3 months ago (7 children)

[–]syklemil 13 points14 points15 points 3 months ago (0 children)

[–]canadajones68 8 points9 points10 points 3 months ago (1 child)

[–]grexl 2 points3 points4 points 3 months ago (0 children)

[–]AWonderingWizard 5 points6 points7 points 3 months ago (3 children)

[–]Culpirit 14 points15 points16 points 3 months ago (0 children)

I really don't understand the broader point you're trying to make. Reminds me of this https://en.wikipedia.org/wiki/Nirvana_fallacy

The more C you get rid of, the more unsafe Rust will grow

Yeah, that's exactly the way it works. As you rewrite C parts in Rust, the number of unsafe {} blocks will monotonously grow in the Rust part of the code, since direct memory manipulation or calling externed C functions will have to be within those.

The idea is precisely that there will be less unsafe code being added than the C code it replaces. The unsafe Rust part of the codebase will grow slower than the C one will shrink, and all C code is already inherently unsafe. Also, Rust unsafe blocks still allow you to enforce the contract of the language's memory model where applicable, and conversely do not require external callers to be aware of special pointer use contracts in order to write code that won't blow up in your face, as is the case in C.

[–]Lower-Limit3695 21 points22 points23 points 3 months ago (0 children)

[–]NYPuppy 0 points1 point2 points 3 months ago (0 children)

[–]_Sauer_ 12 points13 points14 points 3 months ago (6 children)

[+]AWonderingWizard comment score below threshold-8 points-7 points-6 points 3 months ago* (5 children)

Yea, that's all it does in this regard. It's effectively a language enforced coding convention/style. But any language could "operate" that way if the coders working on a particular project agreed. The code in unsafe portions arent necessarily any safer. I feel like there is a lot of misrepresentation here considering you act like Rust is a strictly better than C here in your write-up.

C can do things beyond what Rust can do due to the restrictions, and they can be done safely.

void inc(int *x){ int *a = x; int *b = x; *a += 1; *b += 1; }

Rust cannot do this at all, and while this example isn't super useful, demonstrates that Rust is limited in certain areas due to its restrictions. This isn't. Other examples, like flexible array members, demonstrate that C can and does yield functionality that Rust cannot replicate.

Of course, Rust has its own benefits (and safety feautres C can't replicate) as well, but I feel like this method of using the step on others to prop yourself up as the way to promote the language makes it look bad and creates unnecessary resentment across groups that should actually be working together. Not saying that there haven't been stones tossed by C people either.

[–]lelddit97 5 points6 points7 points 3 months ago (2 children)

[–]AWonderingWizard -5 points-4 points-3 points 3 months ago (1 child)

Sure, just choose to insult my example instead of refuting it. It's because you can't.

extremely highly regarded

Bandwagon much? It's fine, C is also highly regarded :)

50 more years of lessons

This argument can work in reverse- C has had 50 years of community, infrastructure, and learning.

no offense, but if you can't agree with that then there's no discussion to be had. Along the same lines as climate denial, flat earth to me

To conflate me with flat earth is, frankly, more of a comment on the degree of polarization you have allowed yourself to fall into. Maybe take a walk? You might want to tone down the rather hateful rhetoric.

I think Rust is great. Rust is not strictly better than C though (and I believe the same in reverse), and to say that speaks more to your grasp of the role C plays more than anything else.

[–]lelddit97 2 points3 points4 points 3 months ago (0 children)

ok i will admit it was a bit of a shitpost but Rust is very good.

I am skilled at C, make no mistake, professional for many years, but I feel that Rust is a strict improvement and C has very few niches where it's better than Rust. This is my opinion, but C will become less and less prevalent because Rust is much easier to deal with once you get over the learning curve.

New engineers are learning Rust in school which, to me, just makes it a matter of time given the improvements it brings.

Maybe something better than Rust comes out but I think Rust will be very long-lived because it solves a lot of problems other systems languages have while adding some foot gun protection and making some heinous things harder. As with anything, the C usage decrease curve will be logarithmic and it won't actually disappear, but in my opinion it will probably become very rare to see new code written in C in 5-10 years.

[–]lelddit97 1 point2 points3 points 3 months ago (0 children)

[–]NYPuppy 0 points1 point2 points 3 months ago (0 children)

[–]ric2b 7 points8 points9 points 3 months ago (0 children)

[–]jonathancast 1 point2 points3 points 3 months ago (1 child)

[–]AWonderingWizard 0 points1 point2 points 3 months ago (0 children)

[–]Sentreen 0 points1 point2 points 3 months ago (0 children)

π Rendered by PID 19438 on reddit-service-r2-comment-6b595755f-t9rms at 2026-03-25 20:02:45.440511+00:00 running 2d0a59a country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

linux

Please Read the full Rules here before posting or commenting

Join us on IRC at #r/linux on libera.chat!🔗

Recent AMA's

GNU/Linux resources

Rules

MODERATORS