I want to be clear: I think Rust offers ENORMOUS security benefits over C. No one is disputing that. I personally love Rust, I think it's a great language. This is not an attack on the language, this is an observation that if you use this particular pattern (indexes instead of pointers), you are doing something dangerous, and you can no longer rely on the borrow checker to validate lifetimes.
It seems to me to be a pretty unarguable point. It's frankly a bit shocking to me to see this vehement of a disagreement.
I think there are security vulnerabilities I’ve read about Mach that stem from tricking the kernel into accessing an object as the wrong type. This kind of type confusion would be possible if you had a heterogeneous container and had stale index references.
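The stale-index scenario the thread describes, as an added example that is not part of the original discussion and not code from any project mentioned here: a heterogeneous container (an enum arena with two illustrative variants, `Port` and `Task`, chosen only to echo the Mach comment) addressed by bare `usize` indices, where a slot is freed and reused, so the old index now resolves to an object of a different variant. The borrow checker accepts all of it because nothing is unsafe; the aliasing is purely logical. Beside it is the usual mitigation, a generational index: the handle carries the generation at which it was issued, removal bumps the slot's generation, and a stale handle resolves to `None` instead of the wrong object. All type and function names (`NaiveArena`, `GenArena`, `Handle`, `stale_index_naive`, `stale_index_generational`) are constructed for this example.

```rust
// Added example (not from the thread): stale bare indices into a
// heterogeneous arena vs. generational handles that detect reuse.

#[derive(Debug, Clone, PartialEq)]
enum Object {
    Port { rights: u32 }, // illustrative variants, not a real Mach model
    Task { pid: u32 },
}

/// Naive arena: freed slots go on a free list and handles are bare usize,
/// so nothing ties a handle to the object it was issued for.
struct NaiveArena {
    slots: Vec<Option<Object>>,
    free: Vec<usize>,
}

impl NaiveArena {
    fn new() -> Self {
        NaiveArena { slots: Vec::new(), free: Vec::new() }
    }
    fn insert(&mut self, obj: Object) -> usize {
        if let Some(i) = self.free.pop() {
            self.slots[i] = Some(obj); // slot reuse: the old index now aliases obj
            i
        } else {
            self.slots.push(Some(obj));
            self.slots.len() - 1
        }
    }
    fn remove(&mut self, i: usize) -> Option<Object> {
        let old = self.slots.get_mut(i)?.take();
        if old.is_some() {
            self.free.push(i);
        }
        old
    }
    fn get(&self, i: usize) -> Option<&Object> {
        self.slots.get(i)?.as_ref()
    }
}

/// Generational handle: index plus the generation it was issued under.
#[derive(Debug, Clone, Copy, PartialEq)]
struct Handle {
    index: usize,
    generation: u64,
}

/// Generational arena: each slot stores its current generation; removal
/// bumps it, so handles issued before the bump no longer resolve.
struct GenArena {
    slots: Vec<(u64, Option<Object>)>,
    free: Vec<usize>,
}

impl GenArena {
    fn new() -> Self {
        GenArena { slots: Vec::new(), free: Vec::new() }
    }
    fn insert(&mut self, obj: Object) -> Handle {
        if let Some(i) = self.free.pop() {
            let slot = &mut self.slots[i];
            slot.1 = Some(obj);
            Handle { index: i, generation: slot.0 }
        } else {
            self.slots.push((0, Some(obj)));
            Handle { index: self.slots.len() - 1, generation: 0 }
        }
    }
    fn remove(&mut self, h: Handle) -> Option<Object> {
        let slot = self.slots.get_mut(h.index)?;
        if slot.0 != h.generation {
            return None; // stale handle: refuse to touch the slot
        }
        let old = slot.1.take();
        if old.is_some() {
            slot.0 += 1; // invalidate every handle issued for this slot
            self.free.push(h.index);
        }
        old
    }
    fn get(&self, h: Handle) -> Option<&Object> {
        let slot = self.slots.get(h.index)?;
        if slot.0 != h.generation {
            return None;
        }
        slot.1.as_ref()
    }
}

/// Hold an index to a Port, free it, let a Task reuse the slot, then
/// dereference the old index: the naive arena hands back the Task.
fn stale_index_naive() -> Option<Object> {
    let mut a = NaiveArena::new();
    let port = a.insert(Object::Port { rights: 7 });
    a.remove(port);
    let _task = a.insert(Object::Task { pid: 42 });
    a.get(port).cloned() // Some(Task { pid: 42 }): type confusion in safe Rust
}

/// Same sequence with generational handles: the stale handle is rejected.
fn stale_index_generational() -> Option<Object> {
    let mut a = GenArena::new();
    let port = a.insert(Object::Port { rights: 7 });
    a.remove(port);
    let _task = a.insert(Object::Task { pid: 42 });
    a.get(port).cloned() // None: generation mismatch
}

fn main() {
    println!("naive arena, stale index -> {:?}", stale_index_naive());
    println!("generational arena, stale handle -> {:?}", stale_index_generational());
}
```

The generational check only catches reuse within the arena's own bookkeeping; a `match` on the returned variant is still the caller's responsibility, and a handle that is stored across a removal should be treated as untrusted input for exactly the reason the thread gives.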