> As a side note, we also discovered a local vulnerability (a race condition) in the uutils coreu...

cyberpunk • yesterday at 6:08 PM • 3 replies • view on HN

> As a side note, we also discovered a local vulnerability (a race condition) in the uutils coreutils (a Rust rewrite of the standard GNU coreutils -- ls, cp, rm, cat, sort, etc), which are installed by default in Ubuntu 25.10. This vulnerability was mitigated in Ubuntu 25.10 before its release (by replacing the uutils coreutils' rm with the standard GNU coreutils' rm), and would otherwise have resulted in an LPE (from any unprivileged user to full root) in the default installation of Ubuntu Desktop 25.10.

Shurely Shome mistake, not a vuln in holy rust!

Replies

delamon • yesterday at 6:15 PM

Rust cannot help you if race condition crosses API boundary. No matter what language you use, you have to think about system as a whole. Failure to do that results in bugs like this

➕ show 2 replies

dgxyz • yesterday at 7:13 PM

Rewrite tools in new language, get new exciting bugs!

➕ show 1 reply

unethical_ban • yesterday at 11:57 PM

Is a race condition a memory related error?

➕ show 3 replies

alt Hacker News

Replies