···3939amount of code involved in order to prevent vulnerabilities from being a
4040problem?</xeblog-conv>
41414242-<xeblog-conv name="Cadey" mood="coffee">God I wish they did. They wrote the
4343-program in C, (as far as I can tell) have no intention of rewriting it in Rust, and it's had
4444-[many](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22809)
4545-[viable](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156)
4646-[attacks](https://www.sudo.ws/security/advisories/sudoedit_selinux) over the
4747-years that allowed attackers to gain root privileges and worse. It's also
4848-debatable if the entire concept of privilege separation as implemented in Linux
4949-and UNIX was a bad idea to begin with but we're stuck with it because of an
5050-endless ball of legacy programs controlled by egotistical open source people
5151-that refuse to change because then [obscure targets that nobody uses won't be
5252-able to leech off of the rest of the ecosystem by holding back any chance to let
5353-us have a modicum of nice things](https://lwn.net/Articles/845535/).</xeblog-conv>
4242+<div class="warning">A prior version of this conversation snippet was badly
4343+phrased. You are reading an edited version in case this is relevant in internet
4444+comment arguments.</div>
4545+4646+<xeblog-conv name="Cadey" mood="coffee">I don't know about the code quality
4747+standards of the sudo project, but overall I don't see them doing any concerted
4848+effort to try to migrate away from C (or to reduce the complexity of sudo) and
4949+there are
5050+[frequent](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22809)
5151+[security](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156)
5252+[vulnerabilities](https://www.sudo.ws/security/advisories/sudoedit_selinux) that
5353+result in attackers getting root access anyways. I really wish the industry as a
5454+whole would take languages like Rust a bit more seriously and start actually
5555+moving towards programs being safer to use because security vulnerabilities in
5656+core infrastructure result in emergency patches. It was disappointing to see [an
5757+attempt at using Rust in an important Python library torpedoed by users of
5858+obscure architectures not supporting Rust](https://lwn.net/Articles/845535/).
5959+Maybe the solution there is to use WebAssembly as a compile target instead of
6060+making everything be native code. I wouldn't wish hppa's reverse stack growth on
6161+anyone trying to write a compiler though.</xeblog-conv>
54625563<xeblog-conv name="Aoi" mood="sus">Oh god...</xeblog-conv>
5664
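Review bot: The warning div added at the top of this hunk says a prior version was "badly phrased" but gives no date and no pointer to the earlier wording, so a reader arriving from one of the "internet comment arguments" it mentions cannot tell which statements were withdrawn. Consider adding the edit date or a link to the revision history inside the div. In the rewritten Cadey paragraph, the one-word link labels "frequent", "security" and "vulnerabilities" hide which advisory each points to; naming CVE-2023-22809, CVE-2021-3156 and the sudoedit_selinux advisory in the text would let readers check the "frequent" claim without hovering over each link. The phrase "users of obscure architectures not supporting Rust" can also be read as the users not supporting Rust; if the architectures are meant, "users of obscure architectures that Rust does not support" removes the ambiguity.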