Project ideas from Hacker News discussions.

Bugs Rust won't catch

📝 Discussion Summary

Top 4 themes from the discussion

  1. Inexperience with Unix APIs produces rookie mistakes

    “What’s notable is that all of these bugs landed in a production Rust codebase, written by people who knew what they were doing… Most of those mistakes are exceedingly amateur from the perspective of long‑time GNU coreutils developers.” – wahern

  2. Rust’s stdlib file APIs are low‑level and path‑based, offering little safety

    “More than that: it seems that Rust stdlib nudges the developer towards using neat APIs at an incorrect level of abstraction, like path‑based instead of handle‑based file operations.” – nine_k

  3. Premature adoption of untested rewrites endangers users

    “When I read the article I came away with the impression that shipping bugs this severe in a rewrite of utils used by hundreds of millions of people daily … isn’t ok.” – irishcoffee

  4. Rust is not a panacea; logic bugs still slip in and must be caught manually

    “Rust obviously does not promise that.” – adrian_b


🚀 Project Ideas

RustSecureFS

Summary

  • A safe wrapper around std::fs that uses Unix openat/*at syscalls via rustix to provide file‑handle‑based APIs, eliminating TOCTOU path‑resolution bugs.
  • Eliminates the most common path‑traversal and rename mistakes that caused the 44 CVEs reported in uutils.

Details

Target Audience: Rust developers building security‑critical CLI tools, system utilities, and daemons
Core Feature: Export FileHandle type exposing read, write, read_dir, rename_handle, and chmod that operate on opened descriptors instead of raw paths
Tech Stack: Rust 1.75+, rustix crate for low‑level syscalls, libc bindings for openat2, tokio for async, thiserror for error handling
Difficulty: Medium
Monetization: Hobby

Notes

  • HN users repeatedly pointed out that “Rust’s std::fs nudges developers toward path‑based APIs” and called for a handle‑based stdlib API; this crate directly answers that call.
  • By providing a lint‑able wrapper around std::fs, teams can enforce safe file handling in CI pipelines, reducing the same class of bugs that slipped into production coreutils.

PathGuard CLI

Summary

  • A command‑line utility that scans Rust projects for insecure std::fs usage patterns (e.g., rename with two paths, create_dir_all without exclusive creation flags) and auto‑generates safe code suggestions.
  • Provides instant remediation suggestions to prevent the TOCTOU and rename‑at pitfalls highlighted in the uutils audit.

Details

Target Audience: Rust open‑source maintainers, CI maintainers, and security auditors
Core Feature: Lint rules + auto‑fix generator that rewrites code to use FileHandle::from_path and rename_handle
Tech Stack: Rust, clap for CLI, syn/quote for AST manipulation, colored for output
Difficulty: Low
Monetization: Revenue-ready: $19/mo per team for hosted lint service

Notes

  • Commenters like “masklinn” lamented the lack of openat exposure in std; this tool bridges that gap automatically.
  • The project can be packaged as a GitHub Action, giving teams immediate safety checks for coreutils‑like code.

SecureRename Service

Summary

  • A tiny HTTP micro‑service that receives file‑operation requests (rename, delete, chmod) and executes them using atomic openat/renameat sequences with exclusive locks, guaranteeing no race conditions.
  • Offers a simple API for CI/CD pipelines to replace unsafe shell calls with a verifiable, audited service.

Details

Target Audience: DevOps engineers, CI maintainers, and security‑focused teams
Core Feature: Endpoint /secure-rename that validates source/destination descriptors and returns immutable file handles
Tech Stack: Rust (Actix‑Web), tokio, sqlx for audit logging
Difficulty: High
Monetization: Revenue-ready: pay‑as‑you‑go $0.01 per operation, or $199/mo for enterprise SLA

Notes

  • HN discussion highlighted that “Unix’s rename takes two paths” and that “Rust’s stdlib offers no safe wrapper”; this service provides exactly that wrapper as a remote procedure.
  • Potential to integrate with GitHub Actions to enforce safe rename semantics across all repos.

FD‑Explorer Library

Summary

  • A reusable Rust crate that converts any Path into a durable file descriptor handle (Fd) with built‑in dirfd support, exposing operations that cannot be spoofed after opening.
  • Includes helpers for secure directory traversal, safe chmod, and unlink that guarantee the handle refers to the intended inode.

Details

Target Audience: Library authors building secure utilities, sandboxed containers, and privilege‑separated daemons
Core Feature: Path::open_fd() returning Fd, rename_fd(src_fd, target_dir_fd, new_name)
Tech Stack: Rust 1.80, rustix for openat, libc for renameat2, thiserror
Difficulty: Medium
Monetization: Hobby (optional paid support contracts)

Notes

  • Users such as “nine_k” argued that “Rust stdlib nudges toward path‑based APIs”; FD‑Explorer flips that by making descriptors first‑class.
  • The crate can be published on crates.io and sold as a support subscription for enterprises needing guaranteed safe filesystem interactions.
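The directory‑handle‑relative rename that both RustSecureFS (rename_handle) and FD‑Explorer (rename_fd) describe, as an added example that is not code from the page or from any project it names. It assumes a Unix target and declares renameat(2) by hand rather than pulling in rustix or libc; DirHandle, rename_within and demo are names chosen here.

```rust
// Added example (not from the page or any named project); assumes a Unix target and declares renameat(2) by hand instead of using rustix or libc.
use std::ffi::CString;
use std::fs::{self, File};
use std::io;
use std::os::fd::AsRawFd;
use std::os::raw::{c_char, c_int};
use std::path::Path;

extern "C" {
    // POSIX renameat(2): each name resolves relative to its directory fd.
    fn renameat(olddirfd: c_int, old: *const c_char, newdirfd: c_int, new: *const c_char) -> c_int;
}
/// A directory held open by descriptor; later calls are bound to this inode, not to a re-resolved path.
pub struct DirHandle(File);
impl DirHandle {
    pub fn open(path: &Path) -> io::Result<Self> {
        let f = File::open(path)?; // a read-only open of a directory is allowed on Unix
        if !f.metadata()?.is_dir() {
            return Err(io::Error::new(io::ErrorKind::InvalidInput, "not a directory"));
        }
        Ok(DirHandle(f))
    }
    /// Rename `old` to `new` inside this directory. Both must be single path
    /// components, so the call cannot be steered outside the opened directory.
    pub fn rename_within(&self, old: &str, new: &str) -> io::Result<()> {
        for name in [old, new] {
            if name.is_empty() || name.contains('/') || name == "." || name == ".." {
                return Err(io::Error::new(io::ErrorKind::InvalidInput, "expected one path component"));
            }
        }
        let (c_old, c_new) = (CString::new(old)?, CString::new(new)?);
        let fd = self.0.as_raw_fd();
        // SAFETY: both pointers are valid NUL-terminated strings for the duration of the call.
        let rc = unsafe { renameat(fd, c_old.as_ptr(), fd, c_new.as_ptr()) };
        if rc == 0 { Ok(()) } else { Err(io::Error::last_os_error()) }
    }
}
/// Constructed scenario: rename a file in a fresh temp dir through the handle, then refuse a multi-component name.
pub fn demo() -> io::Result<(bool, bool)> {
    let dir = std::env::temp_dir().join(format!("dirhandle-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    fs::write(dir.join("old.txt"), b"constructed sample content")?;
    let h = DirHandle::open(&dir)?;
    h.rename_within("old.txt", "new.txt")?;
    let renamed = dir.join("new.txt").exists() && !dir.join("old.txt").exists();
    let escaped = h.rename_within("new.txt", "../escape.txt").is_err();
    fs::remove_dir_all(&dir)?;
    Ok((renamed, escaped)) // (true, true)
}
```

Because the rename is issued against the descriptor of the directory opened earlier, a later swap of the directory path for a symlink does not redirect it, which is the TOCTOU class the crates above aim to remove.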

UnixAPI Edu Platform

Summary

  • An interactive online sandbox where learners experiment with low‑level Unix syscalls (openat, renameat, chmod) and see how they map to Rust’s std::fs and rustix APIs.
  • Provides guided challenges that surface the exact bugs discussed (e.g., kill‑1 handling, path‑vs‑fd confusion) and automatically validates correct, safe implementations.

Details

Target Audience: Rust beginners, CS students, and bootcamp grads
Core Feature: Browser‑based REPL with instant feedback on unsafe pattern usage; integrates with CI to lint submissions
Tech Stack: Web (React + TypeScript), WebAssembly (Rust compiled to WASM), wasm-pack, Node.js backend
Difficulty: Low
Monetization: Revenue-ready: $9/mo per learner, or $299/mo for institutional licenses

Notes

  • Directly addresses the “Why can I easily use *‑at functions from Python but not Rust?” frustration voiced in the thread.
  • By turning the unsafe patterns into learnable lessons, the platform can reduce the number of novices who repeat the same mistakes in production code.
