Hacker News new | past | comments | ask | show | jobs | submit login

> so they're unlikely to have the classic C/C++ errors

Two things here :

- This vulnerability is a logic error (no header => root), not a buffer overflow. It could have happen in any language.

- C and C++ don't play in the same band anymore. Most security vulnerabilities affecting C generally do not affect C++ (no stack based string handling, no VLA, no void* everywhere, proper RAII, proper type safety)

And yes for developing a minimum-memory-footprint system daemon in 2021, I would use C++ or Rust but definitively not C.




Yes, note that I didn’t say this was a classic C vulnerability but that I’d expect to see more bugs of that class all other things being equal. C++ has been getting better but that doesn’t automatically remediate all of the code in the world and retrain every developer.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: