This isn't Rust specific. It's really difficult to securely start a command in Windows. I highly recommend to read https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/.
this post was submitted on 10 Apr 2024
0 points (NaN% liked)
Technology
59298 readers
4911 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
I'm honestly surprised windows can even exist at this point.
It's mind-boggling to me that people would dedicate their lives to learning that system when it's such a shoddy piece of crap.
It's amazing what a motivator money can be.
Funny how the headline makes it sound like a Rust specific problem, as if the Rust language is unsafe or the core team was incompetent, but then other affected language standard libraries include
- Erlang (documentation update)
- Go (documentation update)
- Haskell (patch available)
- Java (won’t fix)
- Node.js (patch will be available)
- PHP (patch will be available)
- Python (documentation update)
- Ruby (documentation update)
So actually this is a vulnerability that originates in Windows, and Rust and Haskell are the only languages that are actually protecting users from it as of right now, with Node.js and PHP to follow.