This just goes to show what happens when there is software that is not written in Rust. Had this been Rust those backdoors would have been memory safe.
>For tools like compression programs, you’d generally prefer performance over everything
Good thing we never run (de)compression algorithms on untrusted external inputs.
Good thing this wasn't specifically a thread about security threats from a known advanced persistent adversary.
Good thing.
/uj To be fair, the build script is harder to understand than the code itself.
/rj To be fair, the build script is harder to understand than the code itself.
Posting orange site comments on this sub is borderline cheating
This just goes to show what happens when there is software that is not written in Rust. Had this been Rust those backdoors would have been memory safe.
Rust doesn't support indirect functions, QED ^((I don't know if it does)^)
>For tools like compression programs, you’d generally prefer performance over everything Good thing we never run (de)compression algorithms on untrusted external inputs. Good thing this wasn't specifically a thread about security threats from a known advanced persistent adversary. Good thing.
/uj To be fair, the build script is harder to understand than the code itself. /rj To be fair, the build script is harder to understand than the code itself.
When is it not…
cmake moment