www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - Safe code as an I/O requirement

reply aberba <karabutaworld gmail.com> writes:
https://lwn.net/Articles/708196/

 From the look of things and feedbacks from several security 
analysts and system developers, [exposed] I/O needs to be memory 
safe.

GStreamer multimedia library developed in C has safety issues 
[see article]. What would its safety be if it was written in D 
(along with its plugins)?
May 28
next sibling parent Ola Fosheim Grostad <ola.fosheim.grostad gmail.com> writes:
On Sunday, 28 May 2017 at 16:58:53 UTC, aberba wrote:
 https://lwn.net/Articles/708196/

 From the look of things and feedbacks from several security 
 analysts and system developers, [exposed] I/O needs to be 
 memory safe.

 GStreamer multimedia library developed in C has safety issues 
 [see article]. What would its safety be if it was written in D 
 (along with its plugins)?
It consists of many libraries. Audio-video decoders tend to be selected based on performance so no bounds checks. You can usually do it in a safe manner, but then you either need to adapt all the algorithms or prove correctness. Both alternatives are expensive. So really, sandboxing sounds like a more realistic alternative for an open source media player that aims to support all formats using third party codecs...
May 28
prev sibling next sibling parent piotrklos <poliklosio happypizza.com> writes:
On Sunday, 28 May 2017 at 16:58:53 UTC, aberba wrote:
 https://lwn.net/Articles/708196/

 (...)
Intuitively it would be much better because overwhelming majority of the code can be written with safe, but bounds checking would have to be switched off for some plugin code for performance reasons, so it would not be 100% secure.
May 28
prev sibling parent Paulo Pinto <pjmlp progtools.org> writes:
On Sunday, 28 May 2017 at 16:58:53 UTC, aberba wrote:
 https://lwn.net/Articles/708196/

 From the look of things and feedbacks from several security 
 analysts and system developers, [exposed] I/O needs to be 
 memory safe.

 GStreamer multimedia library developed in C has safety issues 
 [see article]. What would its safety be if it was written in D 
 (along with its plugins)?
GStreamer has already adopted Rust and is slowly migrating away from C into Rust. Search for their presentation at RustConf Kiev 2017. Also GNOME guys have been having meetings with Rust design team as there is the possibility to replace Vala with Rust. See GUADEC Mexico city 2017.
May 29