0x0@programming.dev to Programming@programming.dev · 1 year agoCritical Rust flaw enables Windows command injection attackswww.bleepingcomputer.comexternal-linkmessage-square23fedilinkarrow-up1122arrow-down16cross-posted to: technology@lemmy.worldrust@programming.dev
arrow-up1116arrow-down1external-linkCritical Rust flaw enables Windows command injection attackswww.bleepingcomputer.com0x0@programming.dev to Programming@programming.dev · 1 year agomessage-square23fedilinkcross-posted to: technology@lemmy.worldrust@programming.dev
minus-squarexmunk@sh.itjust.workslinkfedilinkarrow-up17arrow-down3·1 year agoNow that it has been identified, it should be an easy fix, at least. Still, it’s important to remember that Rust is still a relatively young ecosystem and flaws like this exist until we get burned by them.
minus-squareBatmanAoD@programming.devlinkfedilinkarrow-up14·1 year agoAnd in fact it’s not specific to Rust, and Rust is the first language with a fix available. (Thanks to some other comments for pointing this out.) Java has apparently declared it “won’t fix.” https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/#appendix-b-status-of-the-affected-programming-languages
minus-squarebizdelnick@lemmy.mllinkfedilinkarrow-up5·1 year ago it should be an easy fix But it’s not. Have you read the article?
Now that it has been identified, it should be an easy fix, at least.
Still, it’s important to remember that Rust is still a relatively young ecosystem and flaws like this exist until we get burned by them.
And in fact it’s not specific to Rust, and Rust is the first language with a fix available. (Thanks to some other comments for pointing this out.) Java has apparently declared it “won’t fix.”
https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/#appendix-b-status-of-the-affected-programming-languages
But it’s not. Have you read the article?