Comment by kccqzy

Comment by kccqzy 10 days ago

12 replies

View on Hacker News

I'm trying to provide some commentary to OP's original term of "ordinary code" three comments above. While this term is inherently ambiguous and subjective, my personal opinion is that appending to slices simultaneously from multiple goroutines count as "ordinary code" but Obj.magic does not.

consteval 9 days ago

I don't think that's ordinary code. In any language, if you don't use a thread safe container and mutate it from multiple threads you'll get problems. This isn't an issue of memory safety but rather thread safety. You have to check the documentation for thread safe operations or otherwise use a lock. This goes for C#, Java, Go, you name it - the one singular exception being Rust. But, even Rust does not fully get around it.

Reply View 4 replies
  • kccqzy 9 days ago

    You missed the point.

    > In any language, if you don't use a thread safe container and mutate it from multiple threads you'll get problems.

    Yes I agree there will be problems but what kind of problems do you get? Can you potentially get a memory safety problem, or are you guaranteed that the problem is not a memory safety problem?

    The point is that thread safety problems in Go lead to memory safety problems. That's not the case in Java. You can crash the whole Go program by doing that, but you cannot crash the JVM by doing the same thing.

    Reply View 3 replies
    • yawaramin 9 days ago

      Crashing the whole program is actually memory safety. Because then the program can't get into an undefined state where parts of the program have access to memory they shouldn't.

      Reply View 2 replies
      • kccqzy 9 days ago

        Crashing via SIGSEGV is not memory safety.

        Reply View 1 reply
        • consteval 8 days ago

          Crashing with SIGSEGV can be perfectly memory safe. For example, writing to a NULL address is defined behavior on almost all platforms and typically causes the OS to send SIGSEGV.

          Reply View 0 replies
[removed] 10 days ago
[deleted]
Reply View 0 replies
kiitos 8 days ago

Appending to slices concurrently, without synchronization, is unambiguously invalid code.

Reply View 0 replies
tptacek 10 days ago

Yes. And: you will run into correctness bugs quickly if you mutate shared references in Go code. It's only my contention that you won't create a security vulnerability, in the colloquial understanding of the term (ie: a panic doesn't count).

Reply View 4 replies
  • tsimionescu 9 days ago

    You can, though it's much harder than in C or C++ or unsafe Rust for this to be exploitable. A data race on an interface value can give you a corrupted interface value, overwriting the vtable with struct contents. This can happen to lead to arbitrary code execution if you're unlucky enough, though in most cases it would be a SIGSEGV. It's also very hard for an attacker to craft a payload that can be guaranteed to reach this, though with a microservixe architecture with automatic restarts of failed services, they might get a lot of tries.

    Reply View 0 replies
  • lll-o-lll 9 days ago

    If I can induce a race that corrupts a data structure so that it leaks data back to me that I shouldn’t have access to, does that count?

    Reply View 1 reply
  • kaba0 9 days ago

    I mean, a very serious security vulnerability is/was row hammering, where an attacker was waiting on flipping a bit they have no access to by continuously flipping neighboring ones. Compared to that a race condition is "trivial" to exploit.

    Reply View 0 replies