![Example: Use after Free in Rust
e r r o r [ E0382 ] : borrow o f moved v a l u e : ‘s‘
l e t s
- - > s r c / m a i n . r s : 1 2 : 2 4
|
8 |
|
|
|
= S t r i n g : : from ( " h e l l o " ) ;
- move o c c u r s b e c a u s e ‘s‘h a s t y p e ‘s t d : :
s t r i n g : : S t r i n g ‘, which does n o t
i m p l e m e n t t h e ‘Copy ‘ t r a i t
d o _ s t u f f ( s ) ;
- v a l u e moved h e r e
p r i n t l n ! ( " s= ’{}’",
he r e
. . .
11 |
|
12 |
|
|
s ) ;
^ v a l u e borrowe d
a f t e r move
e r r o r : a b o r t i n g due t o p r e v i o u s e r r o r](https://image.slidesharecdn.com/codeharbourdec2019-part1-191205114625/85/Why-Rust-by-Edd-Barrett-codeHarbour-December-2019-39-320.jpg)
Why Rust? by Edd Barrett (codeHarbour December 2019)
- 1. Why Rust? With Edd Barrett
- 2. A Little About Me e ResearchAssociate @King’s College London e Former postgrad of University of Kent. e OpenBSD Developer (ports) @[email protected] @vext01
- 3. Rust
- 4. C and C++
- 5. C and C++ C e 1972 e Dennis Ritchie, Bell Labs C++ e 1985 e Bjarne Stroustrup Both “systems” languages.
- 6. C and C++ arePopular Languages https://www.tiobe.com/tiobe- index/
- 7. C and C++ arePopular Languages https://thenewstack.io/evolve -die-popular -programming-languages-confront-newcom ers-tiobe- index/
- 8. The problem languages like C and C++
- 9. The problem languages like C and C++ Unsafe
- 10. The problem languages like C and C++ Unsafe e Memorysafety e Threadsafety
- 11. The problem languages like C and C++ Unsafe e Memorysafety e Threadsafety
- 12. Memory Safety * s ) {v o i d d o _ s t u f f ( c h a r . . . i f ( e r r o r ) f r e e ( s ) ; } i n t m a i n ( v o i d ) { c h a r * s = m a l l o c ( 1 6 ) ; s t r n c p y ( s , " h e l l o " , 1 6 ) ; p r i n t f ( " s= ’ s’ n " , s ) ; d o _ s t u f f ( s ) ; p r i n t f ( " s= ’ s’ n " , s ) ; / / < - - Use a f t e r f r e e ! r e t u r n ( EXIT_ SUCCESS ) ; }
- 13. Kinds of Memory Error e Useafter free e Double free e Buffer overflow e Dangling pointer e Freeinganinvalidaddress Experiencedprogrammers makethesemistakes!
- 14. Memory Errors = Undefined Behaviour What should happen afterwards is notdefined! e Program may continue to work OK (you got lucky) e Program may crash e Program my continue, but behave differently
- 15. Memory Safety $ ./use-after -free s=’hello ’ s=’ ’
- 17. *Not anaccuratedepiction of a hacker https://pixabay.com/phot os/ hacker -attack-mask-internet-2883632/
- 18. Hackers! “Hackers” exploit memory errors Often they can“persuade” abrokenprogram to do their bidding
- 20. What Hackers Want e To steal your sensitive data.
- 21. What Hackers Want e To steal your sensitive data. e To run naughty programs on your computer.
- 22. How bad is the problem?
- 23. CVEs Common Vulnerability and Exposures Database
- 24. https://nvd.nist.gov/ vuln/detail/CVE -2019-8225
- 25. CVE Statistics: Cifuentes andBierman http: //drops.dagstuhl.de/opus/volltexte/2019/10546/
- 26. CVE Statistics: Cifuentes andBierman For the five years from 2013 to 2017: 5,899 buffer errors (That’s about 21%of the data) Average total cost of a data breach: US$3.86 million
- 27. Other Statistics: Alex Gaynor https://alexgaynor.net/2019/aug/12/ introduction-to-memory-unsafety-for-vps-of-engineering/
- 28. Other Statistics: Alex Gaynor A recent study found that 60-70% of vul- nerabilities in iOS and macOS are caused by memory unsafety. Microsoft estimates that 70% of all vulnera- bilities in their products over the last decade have been caused by memoryunsafety. Google estimated that 90% of Android vul- nerabilities arememoryunsafety.
- 29. How bad is the problem? Pretty bad!
- 30. What can wedo?
- 31. What can wedo? e Detect and fix using dynamic/static analysis
- 32. What can wedo? e Detect and fix using dynamic/static analysis e OS-level mitigations
- 33. What can wedo? e Detect and fix using dynamic/static analysis e OS-level mitigations e Usea“managed” language e GarbageCollection :(
- 34. Mozilla
- 35. Firefox
- 36. Rust
- 37. Rust’s Motivation Rust’s rich type system and owner- ship model guarantee memory-safety and thread-safety, and enable you to eliminate many classes of bugs at compile-time. (+ performance + productivity)
- 38. Example: Use after Free in Rust fn do_stuff(s: String) { ... if error { drop(s); // Not necessary. } } fn main () { let s = String ::from("hello"); println!("s=’{}’", s); do_stuff(s); println!("s=’{}’", s); }
- 39. Example: Use after Free in Rust e r r o r [ E0382 ] : borrow o f moved v a l u e : ‘s‘ l e t s - - > s r c / m a i n . r s : 1 2 : 2 4 | 8 | | | | = S t r i n g : : from ( " h e l l o " ) ; - move o c c u r s b e c a u s e ‘s‘h a s t y p e ‘s t d : : s t r i n g : : S t r i n g ‘, which does n o t i m p l e m e n t t h e ‘Copy ‘ t r a i t d o _ s t u f f ( s ) ; - v a l u e moved h e r e p r i n t l n ! ( " s= ’{}’", he r e . . . 11 | | 12 | | | s ) ; ^ v a l u e borrowe d a f t e r move e r r o r : a b o r t i n g due t o p r e v i o u s e r r o r
- 40. Ownership
- 42. Rust’s Ownership and Lifetimes Compile-time memorysafety without agarbage collector.
- 43. Rust’s Ownership and Lifetimes Compile-time memorysafety without agarbage collector. Secureand performant systemsprogramming!
- 44. The take away message
- 45. The take away message With Rust, memoryerrors canbe(mostly) athing of the past.
- 46. The take away message With Rust, memoryerrors canbe(mostly) athing of the past. https://pixabay.com/photos/thumbs -up-thumb-hand-positive-
- 47. What else is good about Rust? e Pretty good performance.
- 48. What else is good about Rust? e Pretty good performance. e Goodstandard library.
- 49. What else is good about Rust? e Pretty good performance. e Goodstandard library. e Goodand safemulti-threading support.
- 50. What else is good about Rust? e Pretty good performance. e Goodstandard library. e Goodand safemulti-threading support. e Pretty portable.
- 51. What else is good about Rust? e Pretty good performance. e Goodstandard library. e Goodand safemulti-threading support. e Pretty portable. e Thriving community and ecosystem.
- 52. Any Downsides?
- 53. Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language.
- 54. Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language. e Rust is still young and changing.
- 55. Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language. e Rust is still young and changing. e Compile-times canbeslow.
- 56. Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language. e Rust is still young and changing. e Compile-times canbeslow. e Somethings arequite hard in “safe” Rust. e unsafe keyword
- 57. Resources Website: https://www.rust-lang.org/ GitHub: https://github.com/rust-lang/rust Try it out online: https://play.rust-lang.org/ Learn: https://doc.rust-lang.org/rust-by-example/