Thoughts on Hardening?

Rust has achieved a lot already in terms of proposing a safe alternative to existing system programming languages.

Not only is the safe subset of Rust already much safer than most alternatives (with maybe Ada/Spark being a strong contender?), but there is also a desire to tame the unsafe subset of Rust, and its FFI:

  • Niko is thinking hard about the operational semantics of unsafe code,
  • Japaric is working on making the sanitizers (ASan, MemSan, TSan) available to Rust developers,
  • Rust, being a native language, plays nicely with Valgrind,
  • I know for sure that Rust also uses ASLR (Address Space Layout Randomization).

Clearly, there is a desire for defense in depth.

I was wondering if this extended to a wish to extend the runtime hardening beyond ASLR.

For example, Clang has some Control Flow Integrity checks which can be used in Release binaries at minimal runtime cost (the forward-edge CFI for virtual calls adds less than 1% overhead), and SafeStack, which splits the stack in two (safe and unsafe subparts).

I was wondering if Rust had mitigation strategies other than ASLR, or whether there were plans to integrate some of them.


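The post takes ASLR for granted, but an executable only gets its base randomized if it was linked position-independent (ELF type ET_DYN); the same headers also tell you whether the stack is non-executable and whether a RELRO segment exists. As an added example that is not part of the original post or of the Rust project, here is a small Rust check that reads those properties from an ELF64 image. It handles little-endian ELF64 only, detects partial RELRO only (full RELRO additionally needs DT_BIND_NOW, which it does not parse), and the function names and sample bytes are my own, not anything from the thread.

```rust
// Added example (not from the original post): a minimal ELF64 hardening
// check. It answers "does this binary actually get ASLR?" (an executable
// must be ET_DYN, i.e. PIE, for the loader to randomize its base), whether
// the stack is non-executable (PT_GNU_STACK without PF_X), and whether a
// RELRO segment is present. Only little-endian ELF64 is handled, and only
// partial RELRO is detected (full RELRO also needs DT_BIND_NOW, which this
// does not parse). Function names and the sample bytes are mine.
use std::env;
use std::fs;

pub const ET_EXEC: u16 = 2; // fixed-address executable: no ASLR for the image
pub const ET_DYN: u16 = 3; // position-independent (PIE or shared object)
pub const PT_GNU_STACK: u32 = 0x6474_e551;
pub const PT_GNU_RELRO: u32 = 0x6474_e552;
pub const PF_X: u32 = 1;
pub const PF_W: u32 = 2;
pub const PF_R: u32 = 4;

#[derive(Debug, PartialEq, Eq)]
pub struct Hardening {
    pub pie: bool,
    pub nx_stack: bool,
    pub relro: bool,
}

fn u16_at(b: &[u8], off: usize) -> Result<u16, String> {
    let s = b.get(off..off + 2).ok_or("truncated ELF header")?;
    Ok(u16::from_le_bytes([s[0], s[1]]))
}

fn u32_at(b: &[u8], off: usize) -> Result<u32, String> {
    let s = b.get(off..off + 4).ok_or("truncated program header")?;
    Ok(u32::from_le_bytes([s[0], s[1], s[2], s[3]]))
}

fn u64_at(b: &[u8], off: usize) -> Result<u64, String> {
    let s = b.get(off..off + 8).ok_or("truncated ELF header")?;
    Ok(u64::from_le_bytes([s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7]]))
}

/// Parse the ELF header and program headers of `b` and report the
/// hardening properties visible from them.
pub fn check_elf64(b: &[u8]) -> Result<Hardening, String> {
    if b.len() < 64 || &b[0..4] != b"\x7fELF" {
        return Err("not an ELF file".to_string());
    }
    if b[4] != 2 || b[5] != 1 {
        return Err("only little-endian ELF64 is handled".to_string());
    }
    let e_type = u16_at(b, 16)?;
    let e_phoff = u64_at(b, 32)? as usize;
    let e_phentsize = u16_at(b, 54)? as usize;
    let e_phnum = u16_at(b, 56)? as usize;
    if e_phentsize < 56 {
        return Err("bad e_phentsize".to_string());
    }
    let pie = match e_type {
        ET_DYN => true,
        ET_EXEC => false,
        t => return Err(format!("unexpected e_type {}", t)),
    };
    // Conservative defaults: a missing PT_GNU_STACK is treated as an
    // executable stack (older loaders do exactly that), and no RELRO
    // segment means no RELRO.
    let mut h = Hardening { pie, nx_stack: false, relro: false };
    for i in 0..e_phnum {
        let off = e_phoff + i * e_phentsize;
        let p_type = u32_at(b, off)?;
        let p_flags = u32_at(b, off + 4)?;
        match p_type {
            PT_GNU_STACK => h.nx_stack = (p_flags & PF_X) == 0,
            PT_GNU_RELRO => h.relro = true,
            _ => {}
        }
    }
    Ok(h)
}

/// Build a constructed ELF64 image containing only the headers the check
/// reads. `stack_flags == None` omits PT_GNU_STACK entirely.
pub fn build_sample_elf(e_type: u16, stack_flags: Option<u32>, relro: bool) -> Vec<u8> {
    let mut phdrs: Vec<(u32, u32)> = Vec::new();
    if let Some(f) = stack_flags {
        phdrs.push((PT_GNU_STACK, f));
    }
    if relro {
        phdrs.push((PT_GNU_RELRO, PF_R));
    }
    let mut b = vec![0u8; 64];
    b[0..4].copy_from_slice(b"\x7fELF");
    b[4] = 2; // ELFCLASS64
    b[5] = 1; // ELFDATA2LSB
    b[6] = 1; // EV_CURRENT
    b[16..18].copy_from_slice(&e_type.to_le_bytes());
    b[18..20].copy_from_slice(&62u16.to_le_bytes()); // EM_X86_64
    b[32..40].copy_from_slice(&64u64.to_le_bytes()); // e_phoff: right after the header
    b[52..54].copy_from_slice(&64u16.to_le_bytes()); // e_ehsize
    b[54..56].copy_from_slice(&56u16.to_le_bytes()); // e_phentsize
    b[56..58].copy_from_slice(&(phdrs.len() as u16).to_le_bytes()); // e_phnum
    for (p_type, p_flags) in phdrs {
        let mut ph = [0u8; 56];
        ph[0..4].copy_from_slice(&p_type.to_le_bytes());
        ph[4..8].copy_from_slice(&p_flags.to_le_bytes());
        b.extend_from_slice(&ph);
    }
    b
}

fn main() {
    // With a path argument, check a real binary (e.g. a `cargo build --release`
    // output); otherwise check the constructed sample.
    let bytes = match env::args().nth(1) {
        Some(path) => fs::read(&path).expect("cannot read file"),
        None => build_sample_elf(ET_DYN, Some(PF_R | PF_W), true),
    };
    match check_elf64(&bytes) {
        Ok(h) => println!("PIE (ASLR): {}  NX stack: {}  RELRO: {}", h.pie, h.nx_stack, h.relro),
        Err(e) => eprintln!("error: {}", e),
    }
}
```

Run it against a release build of any Rust crate to confirm the toolchain emitted a PIE with a non-executable stack; a report of `PIE (ASLR): false` means the loader will map the image at a fixed address and the ASLR the post relies on does not apply to the binary's own code.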