Thoughts on Hardening?


#1

Rust has achieved a lot already in terms of proposing a safe alternative to existing system programming languages.

Not only is the safe subset of Rust already much safer than most alternatives (with maybe Ada/Spark being a strong contender?), but there is also a desire to tame the unsafe subset of Rust, and its FFI:

  • Niko is thinking hard about the operational semantics of unsafe code,
  • Japaric is working on making the sanitizers (ASan, MemSan, TSan) available to Rust developers,
  • Rust being a native language plays nice with valgrind,
  • I know for sure that Rust also uses ASLR (Address Space Layout Randomization).

Clearly, there is a desire for defense in depth.

I was wondering if this extended to a wish to extend the runtime hardening beyond ASLR.

For example, Clang has some Control Flow Integrity checks which can be used in Release binaries at a minimum runtime cost (the Forward-Edge CFI for virtual calls adds less than 1% overhead) and Safe Stack which splits the stack in two (safe and unsafe subparts).

I was wondering if Rust had other mitigation strategies than ASLR, or whether there were plans to integrate some of them.
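To make the forward-edge CFI idea mentioned above concrete, here is an added illustration in safe Rust (not code from the original post, and not how Clang/LLVM implements CFI, which inserts type-class checks at compile time rather than consulting a runtime table). The names `CfiTable`, `Handler`, `checked_call`, `double`, `square` and `rogue` are all hypothetical. The point it shows is the invariant every forward-edge scheme enforces: an indirect call may only land on a target that was legitimately registered, and anything else is refused before control transfers.

```rust
use std::collections::HashSet;

/// Software analogue of a forward-edge CFI check (added illustration).
/// Real compiler CFI validates the target's type class inline; here an
/// explicit allow-list of code addresses stands in for that check.
type Handler = fn(u32) -> u32;

fn double(x: u32) -> u32 {
    x * 2
}

fn square(x: u32) -> u32 {
    x * x
}

/// Allow-list of valid indirect-call targets, keyed by code address.
struct CfiTable {
    allowed: HashSet<usize>,
}

impl CfiTable {
    /// Record the addresses of every handler that is legitimately callable.
    fn new(handlers: &[Handler]) -> Self {
        CfiTable {
            allowed: handlers.iter().map(|h| *h as usize).collect(),
        }
    }

    /// Perform the indirect call only if `target` is a registered handler;
    /// otherwise refuse, which is where a real CFI scheme would abort.
    fn checked_call(&self, target: Handler, arg: u32) -> Result<u32, &'static str> {
        if self.allowed.contains(&(target as usize)) {
            Ok(target(arg))
        } else {
            Err("forward-edge CFI violation: indirect call target not in allow-list")
        }
    }
}

/// Exercise the table with one registered target and one that was never
/// registered (constructed example, standing in for a corrupted pointer).
fn demo() -> (Result<u32, &'static str>, Result<u32, &'static str>) {
    let table = CfiTable::new(&[double as Handler, square as Handler]);

    // Never registered: a call through this pointer must be refused.
    fn rogue(x: u32) -> u32 {
        x + 1
    }

    (
        table.checked_call(square, 7), // registered, executes: Ok(49)
        table.checked_call(rogue, 7),  // not registered: Err(...)
    )
}

fn main() {
    let (ok, bad) = demo();
    println!("registered target: {:?}", ok);
    println!("unregistered target: {:?}", bad);
}
```

The runtime cost of this emulation is a hash lookup per call, far more than the sub-1% the post cites for LLVM's forward-edge CFI, because the compiler can fold its check into a cheap range or bit test over a type-sorted jump table; the emulation is only meant to show what property that check buys.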