« BackRetrofitting spatial safety to lines of C++security.googleblog.comSubmitted by jandeboevrie 5 hours ago
  • Animats 4 hours ago

    New buzzword for old thing alert.

    • epage an hour ago

      This term is coming up more frequently in the C++ community as they discuss Rust's safety features so to add more nuance to the discussion and focus on subsets of the problem to solve.

      Note that there are some more heated takes on where these terms are being used. I tried to be as generous as possible in my description.

      • aseipp an hour ago

        People (both practitioners & researchers) have been using the terms "temporal" and "spatial" to refer to different classes of C++ vulnerabilities for at least 12+ years, back when I was actually writing exploits for a job. It is not new at all, and anyone in the field within the past 6-7 years and worth their salt will instantly recognize them.

        • tom_ 13 minutes ago

          For whatever it's worth, I've been doing this stupid shit - writing C++, that is - for 25 years, and this is the first time I've heard this term. (This is a data point rather than a complaint. But for a fee, it can become a complaint if you would like.)

        • pizlonator an hour ago

          Nah, "spacial safety" is a term of art among security folks and among PL folks who work on security.

          It's the part of memory safety that's just about bounds. You can also call it "bounds safety" and folks will understand what you mean, but "spacial safety" is the more commonly used jargon.

          • vintagedave 4 hours ago

            I'll say.

            > Attackers regularly exploit spatial memory safety vulnerabilities, which occur when code accesses a memory allocation outside of its intended bounds

            Isn't that... 'out of bounds memory access'?