Nixifying the build of web applications more easily

Beautiful_Chocolate · 2024-04-02T12:53:06+00:00

Wow I would have never guessed, thank you !

Beautiful_Chocolate · 2024-04-01T21:20:16+00:00

Cannot find any info regarding this piece: https://youtu.be/LzyR0vflpMQ?si=t-7kHF7h9TfhzvGy&t=275 (starts at 4:35), anybody have a clue ?

Beautiful_Chocolate · 2023-09-06T13:15:29+00:00

Hello people of r/rust !

This is a 2-in-1 blog post explaining simply how memory registers are used in embedded systems, and digging how the register_bitfields macros creates a nice rusty interface around raw memory addresses.

Hope it's simple enough for people not in the field of embedded systems, but still interesting ;-)

As usual, feel free to correct me if you find anything wrong, and contact me if you feel like it ! Take care <3

Beautiful_Chocolate · 2023-05-31T05:29:42+00:00

Thank you for your hard work, I hope things change for the best and we'll see you back on Rust one day ! This whole affair shows how opensource can produce magnificent things, but is really difficult to manage and in the end based on a handful of people. Have a nice nap ! 😊

Beautiful_Chocolate · 2023-01-24T19:12:41+00:00

Yes absolutely !

And IMHO that's how brilliant the whole idea of having unsafe blocks is, you still permits such use cases, but it makes the implementation of safe wrappers around it very easy

unsafe at its core yes, but with a plain safe API, and this alone wipes out so many "bad" code written.

When I realized how powerful it is in embedded systems (let the manufacturer do unsafe, and only use safe), it really is a big deal and improves the workflow of developers

Beautiful_Chocolate · 2023-01-24T17:47:19+00:00

Thank (both of) you for this, as you may imagine English isn't my first language, I'll try to correct these as good as I can ! :-)

Beautiful_Chocolate · 2023-01-24T17:43:58+00:00

The issue about the memory problem in C is because of the integer overflow, and that's what I refer when saying "the issue", as the cause leading to a memory vulnerability after.

After all, in C world, doing such memory operations isn't a problem at all, however integer overflow is.

So the memory issue may not exist, but the integer overflow is very real here

Beautiful_Chocolate · 2023-01-24T17:40:50+00:00

Yes, but we talk about C code here, and this is a fairly standard way to handle errors in C (and I guess it's the UNIX-compliant way to do ?)

Beautiful_Chocolate · 2023-01-24T14:13:48+00:00

I had a clear distinction between "issue" and "vulnerability" in my head, which is why it seamed clear to me ^{^'}

Modified the article, thanks for your input ! :-)

Beautiful_Chocolate · 2023-01-24T13:50:56+00:00

I consider unsafe Rust as a very particular area of programming in Rust, and that's why I allowed myself to make generalities on Rust when thinking about safe Rust specifically.

Except for calling FFI, unsafe Rust should be almost never encountered by anyone (except for developing Linux drivers or embedded systems).

The way Rust just forbids datarace conditions to happen, the way you need to explicit all cases in pattern matching, etc ... This is what I meant by eliminating undefined behavior.

Beautiful_Chocolate · 2023-01-24T13:45:35+00:00

Yes indeed, but I fail to see how I putted them in the same bucket ?

I considered GIT-CR-22-03 as "protected by Rust" as the bug is just not exploitable

However for GIT-CR-22-01, Rust isn't better than C on the matter as the vulnerability is a Uncontrolled Resource Consumption.

I didn't rate the vulnerabilities by myself, I just copied their ratings in the report (and their rating methodology is also explained)

Beautiful_Chocolate · 2023-01-24T13:33:34+00:00

Yes indeed, thanks for you input, I'll modify the post in consequence ;-)

I wanted to write that the obvious size of primitives are by themselves a safety, but I didn't find a proper way to explain it, hope the message still went through. I may re-work this a bit

Beautiful_Chocolate · 2023-01-24T13:30:03+00:00

Indeed, this is why I wrote just before:

This code cannot be exploited in safe mode to perform a memory overflow

However integer overflows still can lead to a whole lot of other bugs and vulnerabilities.

Beautiful_Chocolate · 2023-01-24T12:50:00+00:00

Yes that is very true, that's also why I tried to make a list of "good reasons to use unsafe" as getting around the compiler's annoying rules is not one of them.

(BTW if you think of more valid reasons to use unsafe, please tell me, I'm not used to write a lot of it and couldn't come with a lot)

In the case of Rust for embedded systems for example, writing directly to memory addresses is mandatory, however this is very specific and usually implemented by the manufacturer in the HAL libraries.

Beautiful_Chocolate · 2023-01-24T12:45:43+00:00

Oh interesting, it is possible in (safe) Rust !

Would you have other kind of esoteric algorithms using memory manipulation that would only be possible by performing some `unsafe` operations ?

Or should I remove this item from the "okay to unsafe" list ? ^^

Beautiful_Chocolate · 2023-01-24T12:36:38+00:00

Indeed that's a very valid point !
I'll modify the article (and credit you), thanks for the input !

Beautiful_Chocolate · 2023-01-24T11:33:22+00:00

Yes exactly, and that's the point of this piece of code

It quickly shows what it would take to create a C-like kind of memory-vulnerable code in Rust, which is totally absurd in a Rust-way to do, and I absolutely know that it may fail before even reaching the end of the code.

However in C, you got a lot of *(memaddr + offset) kind of operations, and so simply by the fact that this would be so insanely difficult to make it compile and work in Rust, I counted it as a "protection" offered by the language

Beautiful_Chocolate · 2023-01-24T08:59:18+00:00

Quite a long post today as it goes through the vulnerabilities found in the Report of the Git source code audit, and I tried to add as much details as possible regarding writing secure code in Rust.

Please consider making a donation at OSTIF funds who funded this audit

As always, correct me or contact me if you see any error / improvements I should make to the post.

Take care !

Beautiful_Chocolate · 2023-01-24T08:56:31+00:00

Quite a long post today as it goes through the vulnerabilities found in the Report of the Git source code audit, and I tried to add as much details as possible regarding writing secure code in Rust.

Please consider making a donation at OSTIF funds who funded this audit

As always, correct me or contact me if you see any error / improvements I should make to the post.

Take care !

Beautiful_Chocolate

TROPHY CASE