Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Do you think it's a bad idea that git and the Linux kernel are written in C? Is the possibility of a buffer overflow important in a program that's not processing input from random people on the internet?


No, because they are both legacy software. I understand momentum in codebases - that's why I'm reserving my vitriol for fresh bluesky projects like this one.

As for exploitability, privilege escalation and shellcode injection is still very much a thing, internet-facing or not.


Git started in 2005. I'm sure Torvalds knew all about buffer overflows then, but decided to use C. You seem to think this is a crazy decision.


> Git started in 2005. I'm sure Torvalds knew all about buffer overflows then, but decided to use C. You seem to think this is a crazy decision.

Well is it? Will it be if Linus isn't maintaining it?


Linus Torvalds has not been the git maintainer for years.


I wonder if git would be better served by a more modern language.


I'm sure you've heard of the Shellshock bug.


Shellshock is a flaw in bash parsing and has nothing to do with that fact that bash happens to be written in C. Also, it's only a problem for untrusted input sent to bash. Typically, from the internet.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: