CLN-001: relative path traversal vulnerability (moderate)
During the audit, it came to light that the original sudo implementation was also affected by this issue, although with a lower security severity due to their use of the openat function.
I thought Rust was secure? How is it possible to write a program in Rust and still have the same security vulnerabilities, and actually be higher severity?
It's almost as if changing to an entirely new programming language and ecosystem isn't enough to make a secure application, and that you still have to try hard to secure it, regardless of the language.
> It's almost as if changing to an entirely new programming language and ecosystem isn't enough to make a secure application, and that you still have to try hard to secure it, regardless of the language.
Has anyone argued that switching to Rust alone is sufficient to stop all security vulnerabilities?
Has anyone suggested that switching to Rust means you no longer need to do any work to write secure applications?
It seems to me you're arguing against a totally self-constructed straw-man.
It's hilarious that people invented an entirely new language to prevent a single attack vector. That's like learning Perl because it has no buffer overflows.
> It's almost as if changing to an entirely new programming language and ecosystem isn't enough to make a secure application, and that you still have to try hard to secure it, regardless of the language.
How interesting.