It wouldn’t be a day ending in Y if VMware didn’t release a patch that solved some major security bug.
From the other side of the fence, the software is extremely complicated. I’ve done work with emulators and I’m certain it was full of security bugs because your effort is focused on getting it working at all.
You might say it should be implemented in a memory safe systems language. I agree completely, but it costs too much to redevelop emulated hardware from scratch.
Many security vulnerabilities also stem from implementations that care more about speed than correctness. If you want a fully secure virtualised system, integrate with Bochs and suffer Pentium 4 performance.
It’s a big risk/reward system. Also, many exploits would work just as well in safe and verified Rust, because quite a few of them are logic bugs rather than memory access vulnerabilities. It doesn’t really matter how safe your language is when you add a line of code like
if user_name.ends_with("devtest123")to make debugging easier and end up pushing that code to production.
Wow, that’s a doozy, though. Remote access, low complexity and unauthenticated - and it grants remote code execution? Holy shit… I wonder what context the execution happens in (I’m guessing it’s bad if it’s being talked about as an emergency change)
