
The memory-unsafety bugs they found through fuzzing are worrying for newly written code.

It really shows that you should try to avoid writing C code when possible.

Hmm, I think OS level syscall restriction is also a good mitigation for simple programs. Things like https://en.wikipedia.org/wiki/Seccomp.

How popular is Seccomp? I know Chrome uses it, but I'm not familiar with many other programs outside of sandboxing software.

Things like gzip or tar or compilers should use it imo. They are programs which just read from one file descriptor and write to another.
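An added example, not part of any comment in this thread: a Linux filter that reads one file descriptor and writes another under seccomp strict mode, where only `read`, `write`, `_exit` and `sigreturn` are permitted and any other syscall kills the process. The names `filter` and `run_sandboxed` are hypothetical, and the upper-casing loop is a stand-in for real work such as decompression.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the real transformation: copy in_fd to out_fd, upper-casing
 * ASCII letters. It needs nothing but read() and write(). */
static void filter(int in_fd, int out_fd) {
    char buf[4096];
    ssize_t n;
    while ((n = read(in_fd, buf, sizeof buf)) > 0) {
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] >= 'a' && buf[i] <= 'z') buf[i] -= 'a' - 'A';
        if (write(out_fd, buf, (size_t)n) != n) break;
    }
}

/* Fork a child, enter strict seccomp, run the filter on already-open fds.
 * misbehave != 0 simulates a compromised parser calling open() afterwards.
 * Returns 0 on clean exit, 1 if the kernel killed the child with SIGKILL,
 * -1 if strict seccomp is unavailable or anything else went wrong. */
int run_sandboxed(int in_fd, int out_fd, int misbehave) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(2);                    /* not sandboxed yet, so exit_group is fine */
        filter(in_fd, out_fd);
        if (misbehave)
            open("/dev/null", O_RDONLY); /* not on the allow-list: SIGKILL */
        syscall(SYS_exit, 0);            /* libc _exit() uses exit_group, which is blocked */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    if (WIFSIGNALED(st) && WTERMSIG(st) == SIGKILL) return 1;
    if (WIFEXITED(st) && WEXITSTATUS(st) == 0) return 0;
    return -1;
}

int main(void) {
    /* stdin -> stdout, the gzip-style usage described in the comment above */
    return run_sandboxed(STDIN_FILENO, STDOUT_FILENO, 0) == 0 ? 0 : 1;
}
```

All files must be opened before the `prctl` call; anything that needs more syscalls (allocation via `mmap`, for instance) requires a `SECCOMP_MODE_FILTER` allow-list instead of strict mode.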
