Critical Rust flaw enables Windows command injection attacks
www.bleepingcomputer.com (external link)
cross-posted to: pulse_of_truth@infosec.pub
0x0 ( @0x0@programming.dev ) Programming@programming.dev • 3 months ago

Sekoia ( @Sekoia@lemmy.blahaj.zone ) • 3 months ago
Also, the reason this is a CVE is because Rust itself guarantees that calling commands doesn’t evaluate shell stuff (but this breaks that guarantee). As far as I know C/C++ makes no such guarantee whatsoever.

Buttons ( @Buttons@programming.dev ) • 3 months ago
Our bug is their status quo.