undefined | Better HN

Skip to content

Top Best Ask Show New Jobs

0 pointsskohan5y ago0 comments

I actually think safety should be guaranteed at an OS/hardware level and not at a software level. If it's guaranteed that my process can only make a mess inside it's own memory allocations, let the software be as unsafe as it wants.

0 comments

4 comments · 1 top-level

Thiez5y ago· 3 in thread

Then you'll be happy to learn that what you propose has been the case for consumer computers since protected mode was added to Intel 80286 processors in 1982.

I think few people in this discussion are worrying about programs directly affecting other programs through memory unsafety, exactly because this doesn't really happen for software that isn't a driver or inside the OS kernel. The problem with memory unsafety is that it often allows exploits that corrupt or steal user data, or gain unauthorized access to a system. That's not a problem when you are the only user of your software and you only have access to your own data, but once you have other peoples data or run on other peoples system I think you should at least consider the advantages of using a safe(r) language.

skohanOP5y ago

But I don't understand how data stealing can happen if each process is effectively sandboxed. If my process can't read or write to memory outside of what it allocated, how can I corrupt or steal user data?

Thiez5y ago

Well it depends on your definition of sandboxed. Does your program have permission to perform I/O, either by reading/writing to a filesystem or sending/receiving data on a network?

Most "interesting" programs can perform I/O. Then you run into ambient authority and confused deputies.

kaba05y ago

In case of a browser, a buffer overflow can be exploited to upload user files for example — which are very much readable without trouble on most linux distros.

j / k navigate · click thread line to collapse