lcamtuf   May 4

The coreutils Rust rewrite story is pretty funny.

Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.

But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:

https://seclists.org/oss-sec/2026/q2/332

PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.

oss-sec: uutils coreutils CVEs

Show threadDavid GerardMay 10

RE: https://infosec.exchange/@lcamtuf/116517194178120536

fucking up a craven license-washing rewrite? well I never

Show threadOtte Homan - remember Geordie
@davidgerard when you focus so strongly on memory buffer overruns that you ignore all other shit that can possibly go wrong ...
May 10 at 12:01pmWeb
Show threadDavid GerardMay 10
@otte_homan and when your project only exists for license-washing
Show threadOtte Homan - remember GeordieMay 10
@davidgerard dunno, can't really judge that myself.
Show threadOtte Homan - remember GeordieMay 10
@davidgerard so what *exactly* are the differences between GPL and MIT lics?