Bugs Rust Won’t Catch - Zig Strings

That could happen. It is rather unlikely that they will migrate away from Ubuntu, so they are (more or less) forced to cooperate. But that’s just my view of it; we’ll see.

Our French ‘gendarmerie’, which is the state-level police force (not the same as the police, which is local), has its own Ubuntu fork called GendBuntu.

I think this blog post is more of a showcase of how bad our operating system interfaces are regarding atomic operations and permissions/capabilities. Unix eventually got a little better with fd-based file APIs (openat and friends). But I just wonder what a modern OS, with all the lessons learned, could look like.

Did you know it’s not possible on Linux to atomically create and open a directory? [1]
TOCTOU is especially hard with “temporary directories”. One solution on Linux is to use user namespaces (plan9!!) to have a temporary directory that’s only visible to the process, so it can’t be messed with from the outside.

I don’t think blindly blaming Rust or the uutils project is really constructive here. Both are cool projects. Even Zig std has had silly mistakes like path traversal in std.zip. uutils for me is more of a testament to the fact that operating system design is still not mature, because it lets you write insecure code so easily.

1: Actually it’s possible with io_uring by combining mkdirat and openat ops :)

8 Likes
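The mkdirat/openat pattern the post above alludes to, as an added example in C (not code from the thread). There is still no single syscall, so the point is to refuse a pre-existing directory, refuse a symlink, and then verify the handle rather than the path; `open_new_dir` is a hypothetical helper and the /tmp location is a constructed sample.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a fresh directory `name` under the already-open directory `dirfd`
 * and return an O_DIRECTORY handle to it, or -1 (errno set) on failure.
 * Two syscalls, so not atomic; what keeps the window harmless is that
 * every check after the create is made on the descriptor, never on the path:
 *  - mkdirat fails with EEXIST instead of adopting a directory someone planted;
 *  - O_NOFOLLOW rejects a symlink swapped in between the two calls;
 *  - fstat on the handle confirms we own what we actually opened.           */
int open_new_dir(int dirfd, const char *name)
{
    if (mkdirat(dirfd, name, 0700) != 0)
        return -1;                               /* never reuse an existing dir */

    int fd = openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != geteuid()
        || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        errno = EPERM;                           /* handle is not the dir we made */
        return -1;
    }
    return fd;                                   /* use *at() calls relative to fd */
}

int main(void)
{
    char base[] = "/tmp/scratch-XXXXXX";         /* constructed sample location */
    if (!mkdtemp(base)) { perror("mkdtemp"); return 1; }
    int basefd = open(base, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int fd = open_new_dir(basefd, "work");
    printf("first create:  %s\n", fd >= 0 ? "ok" : strerror(errno));
    int again = open_new_dir(basefd, "work");    /* expected to fail: EEXIST */
    printf("second create: %s\n", again >= 0 ? "ok (unexpected)" : strerror(errno));
    if (fd >= 0) close(fd);
    unlinkat(basefd, "work", AT_REMOVEDIR);
    close(basefd);
    rmdir(base);
    return 0;
}
```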

It’s very nice to see these beliefs confirmed:

  • an openat-style api is correct while paths should be avoided
  • being overeager about utf-8 is bad
  • discarding errors should be difficult
  • shared libraries introduce hidden complexity
3 Likes