Rust is often presented as one of the safest modern systems programming languages. Its memory safety model, ownership system, and strong compiler checks help prevent many classic bugs known from C and C++.
But the Zellic audit of uutils coreutils shows an important lesson:
Rust does not automatically make software secure.
What is uutils coreutils?
uutils coreutils is a Rust reimplementation of the traditional GNU Coreutils, including tools such as:
- cp
- mv
- rm
- chmod
- chown
- kill
What did the audit show?
The audit found that Rust prevents many memory-related bugs, but it does not prevent every security problem.
The reported issues included:
- logic bugs
- race conditions
- unsafe file handling
- symlink-related problems
- privilege handling issues
- unexpected behavior in system utilities