[neomutt-devel] Lua in neomutt | systematically finding segmentation faults
toogley at nixnet.email
Wed Mar 3 10:42:12 CET 2021
On Tue, Mar 02, 2021 at 07:21:26PM -0800, Ihor Antonov wrote:
> > And as far as i understand OpenBSD is more strict about memory errors
> > compared to most linux distros and crashes therefore more often when
> > something slightly is wrong.
> This is an oversimplification. OpenBSD is just a different OS, and it
> has different libc, different kernel, same POSIX syscall may behave
> slightly differently, in the end even OpenBSD can have bugs. Lastly,
> OpenBSD has the least amount of users comparing to Linux and FreeBSD so
> it is fair to suggest it is the least tested.
i don't know which OS is better tested. the core part of OpenBSD is
usually very good quality, altough it has truly fewer users.
> With that in mind I don't think it is fair to say that crashes are more
> frequent on OpenBSD because it is a more secure OS (I am also not
> denying that it is). It is the overall complexity of the problem that
> makes it hard, too many moving parts, that is all.
Both OpenBSD and for instance Linux have Kernel features to increase
randomization and prevent memory bugs, for instance stack canaries. But
the difference from OpenBSD is: it is enabled by default and you cannot
So before enabling a new security feature (like stack canaries), they
enable it in -current and see what breaks. Then they fix every error
they come across and only when no more bugs are found they also enable
it in -stable. So they use such strict security features to improve
correctness and help find bugs.
So in Linux, Linus Torvalds thinks for instance that you should not kill
programs with an memory bug, that would be too harsh. In OpenBSD, it is
instantly killed as soon as a memory bug is detected by the kernel.
Thats the reason why i had a few coredumps from programs like
thunderbird, neomutt, etc. on my OpenBSD laptop.
> Using sourcehut is something that I was thinking about too. I presented
> this idea to flatcap once. I don't think that anybody would object to
> more CI and tests. We just don't have enough manpower to do it.
> If you are willing to contribute the build definitions I think we can
> ask Drew to give us free account. (He did so when I asked for OpenSMTPD)
interesting, i asked flatcap yesterday what he thinks about switching
neomutt development from github to sourcehut when the sourcehut beta is
But yes, i completely agree with the manpower point. I might do it in a
few months/years when my life is more stable but i don't have time at
the moment. :/
More information about the neomutt-devel