Comment by tptacek 9 days ago

No it's not. This is what I meant, cross-thread, when I suggested being wary of arguments trying to draw significant distinctions between memory-safe-language X and memory-safe-language Y. Error checking idioms and affordances have profound implications for correctness and for how you build and test code. Programmers have strong preferences. But those implications have only incidental connections to security, if any. Nevertheless "security" is a good claim to throw into a "my language is better" argument.

Smaug123 9 days ago

I don't even use Golang, I maybe read two Golang repos a year, I find these errors in almost every repo I look at (probably because of the selection effect: I only look at the code for tools I find bugs in). One of them I remember was a critical vulnerability of exactly this form, so :shrug: Perhaps I'm just grotesquely unlucky in the Golang projects I see, but that makes maybe 10% of the Golang error-handling bugs I've found to be security bugs.

  • tptacek 9 days ago

    Sounds memorable. Say more about this critical vulnerability?

    • Smaug123 9 days ago

      I'll gesture at it. It's not an open source tool, so I can't point at the code (and in fact I just checked and I don't have perms to see the Jira ticket I caused to be raised!), and I am wary of describing security bugs in company-internal code. But in general terms it was a service that attempted to check whether a request was allowed, and it ignored errors from that check. (I just searched history for a bit to find the error in the absence of any actual details about it, but it was a while ago and I failed.) Sorry this is not a very satisfying answer.

      • foldr 9 days ago

        Any language where errors are returned as values will allow you to ignore errors (if you don’t have proper linting set up, and unless it has something fancy like linear types). I’ve even seen a similar error in Haskell code, where someone called an isLoggedIn function inside a monad with the expectation that it would short-circuit evaluation, whereas in fact it just returned a Bool.

      • goodlinks 9 days ago

        Isn't this the same as any language though... check if you have permission then ignore the result seems like something that the language cannot protect you from?

        • Smaug123 8 days ago

          I mean, Golang has an unused variables compile error, which presumably is trying to do precisely this. It's like they got so close to forcing the user to acknowledge the possibility of errors, and then stopped just before the end!
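
The failure mode discussed in this thread, as an added example that is not part of any comment above and is not code from the service mentioned: a Go handler whose authorization error is assigned but never inspected still compiles, because the unused-variable check is satisfied once `err` has been read anywhere in the function. The names `authorize`, `logRequest`, `handleFailOpen` and `handleFailClosed`, the policy, and the sample request are all hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

var errDenied = errors.New("denied")

// authorize is a hypothetical policy check: nil means the request is allowed.
func authorize(user, action string) error {
	if user == "admin" || action == "read" {
		return nil
	}
	return fmt.Errorf("%s may not %s: %w", user, action, errDenied)
}

// logRequest is a hypothetical audit hook that always succeeds here.
func logRequest(user, action string) error { return nil }

// handleFailOpen compiles: err is read once after logRequest, so the
// unused-variable check passes even though the second value is dropped.
func handleFailOpen(user, action string) (string, error) {
	err := logRequest(user, action)
	if err != nil {
		return "", err
	}
	err = authorize(user, action) // assigned, never inspected
	return "performed " + action, nil
}

// handleFailClosed inspects the authorization result before doing any work.
func handleFailClosed(user, action string) (string, error) {
	if err := logRequest(user, action); err != nil {
		return "", err
	}
	if err := authorize(user, action); err != nil {
		return "", err
	}
	return "performed " + action, nil
}

func main() {
	handlers := []func(string, string) (string, error){handleFailOpen, handleFailClosed}
	for _, h := range handlers {
		out, err := h("guest", "delete") // constructed request
		fmt.Printf("out=%q err=%v\n", out, err)
	}
}
```

A linter such as errcheck reports a call whose error result is discarded outright; the reassignment in `handleFailOpen` is the kind of dead store that ineffassign-style checks look for.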