←back to thread

Helm local code execution via a malicious chart

(github.com)
171 points irke882 | 9 comments | 09 Jul 25 05:49 UTC | HN request time: 1.029s | source | bottom
1. quotemstr ◴[09 Jul 25 08:02 UTC] No.44507375[source]
But I thought security vulnerabilities couldn't happen in memory-safe languages!
replies(3): >>44507845 #>>44508369 #>>44513650 #
2. qsort ◴[09 Jul 25 09:16 UTC] No.44507845[source]
But I thought accidents wouldn't happen if we wear helmets! Clearly they're worthless!
replies(1): >>44508458 #
3. junon ◴[09 Jul 25 10:46 UTC] No.44508369[source]
This isn't a memory bug.
replies(1): >>44510814 #
4. cluckindan ◴[09 Jul 25 10:58 UTC] No.44508458[source]
Sarcasm aside: wearing a helmet causes riders to take more risks, leading to more accidents.

https://www.sciencedirect.com/science/article/pii/S136984781...

I’d still wear one, but also try to be more careful knowing that the helmet provides a false sense of security.

I do believe the analogy holds very true with programming habits.

replies(1): >>44509827 #
5. cryptonym ◴[09 Jul 25 13:29 UTC] No.44509827{3}[source]
Did you read the abstract? It says the exact opposite:

> this systematic review found little to no support for the hypothesis bicycle helmet use is associated with engaging in risky behaviour.

replies(1): >>44513237 #
6. mdaniel ◴[09 Jul 25 14:58 UTC] No.44510814[source]
And Helm isn't written in Rust, so their snark was doubly misplaced
replies(1): >>44511876 #
7. dilyevsky ◴[09 Jul 25 16:21 UTC] No.44511876{3}[source]
Fwiw, Go is also considered memory-safe although not as strict as Rust
8. cluckindan ◴[09 Jul 25 18:20 UTC] No.44513237{4}[source]
What! You’re lying!
9. grumpyprole ◴[09 Jul 25 19:01 UTC] No.44513650[source]
I would argue that not sanitising strings is analogous to a form of memory unsafety. You take as an input, an opaque blob of bytes that you then pass on to a myriad of other libraries and pieces of code. Nothing is captured in the types other than "String". Mainstream programming languages need to make it easier to define new types and parse strings into them. Rust is very promising in this area, as it features algebraic data types.