The Rust Foundation is Reviewing and Improving Rust's Security (i-programmer.info)
(Saturday September 14, 2024 @11:35PM (EditorDavid)
from the Rust-never-sleeps dept.)
- Reference: 0174993829
- News link: https://developers.slashdot.org/story/24/09/14/0530231/the-rust-foundation-is-reviewing-and-improving-rusts-security
- Source link: https://www.i-programmer.info/news/149-security/17466-rust-foundation-report-on-recent-initiatives.html
The Rust Foundation is making "considerable progress" on a complete security audit of the Rust ecosystem, according to [1]the coding news site I Programmer, citing a [2]newly-released [3]report from the nonprofit Rust Foundation:
> The foundation is investigating the development of a Public Key Infrastructure (PKI) model for the Rust language, including the design and implementation for a PKI CA and a resilient Quorum model for the project to implement, and the report says that language updates suggested by members of the Project were nearly ready for implementation.
>
> Following the XZ backdoor vulnerability, the Security Initiative has focused on supply chain security, including work on provenance-tracking, verifying that a given crate is actually associated with the repository it claims to be. The top 5,000 crates by download count have been checked and verified.
>
> Threat modeling has now been completed on the Crates ecosystem, Rust Infrastructure, crates.io and the Rust Project.
>
> Two open source security tools, Painter and Typomania, have been developed and released. Painter can be used to build a graph database of dependencies and invocations between all crates within the crates.io ecosystem, including the ability to obtain 'unsafe' statistics, better call graph pruning, and FFI boundary mapping. Typomania ports typogard to Rust, and can be used to detect potential typosquatting as a reusable library that can be adapted to any registry.
They've also tightened admin privileges for Rust's package registry, according to the article. And "In addition to the work on the Security Initiative, the Foundation has also been working on improving interoperability between Rust and C++, supported by a $1 million contribution from Google."
According to the Rust foundation's technology director, they've made "impressive technical strides and developed new strategies to reinforce the safety, security, and longevity of the Rust programming language." And the director says the new report "paints a clear picture of the impact of our technical projects like the Security Initiative, Safety-Critical Rust Consortium, infrastructure and crates.io support, Interop Initiative, and much more."
[1] https://www.i-programmer.info/news/149-security/17466-rust-foundation-report-on-recent-initiatives.html
[2] https://foundation.rust-lang.org/news/latest-rust-foundation-report-details-technical-accomplishments/
[3] https://foundation.rust-lang.org/static/publications/technology-report-2024.pdf
How about a new syntax? (Score:2)
by Gravis Zero ( 934156 )
I know "it's just grammar" but damn, if Rust doesn't have the most jarring grammar I've seen in the last few decades, then whatever was worse had to have been blacked out from my memory.
New tune (Score:3)
Last week: "Rust is way more secure than C, you should rewrite linux!"
This week: "Rust is insecure, let's work on that."
Re: (Score:2)
Yep. Funny how that goes. I think they are just lying.
Re: (Score:2)
The summary explains their effort relates to security of the project infrastructure. Nothing to do with the language. It's about admin privileges in the repository and signing releases.
The most programming-related are the tools to help programmers to analyse dependencies in their projects (in a way they can catch something like xz-utils backdoor in openssh). Once more, nothing in this news discusses the security of the language, only the infrastructure.
Re: (Score:2)
You cannot make a distinction between the security of the project/compiler repository and the security of the "language".
[1]Ken Thompson Hack [cmu.edu]
[1] https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
Re: New tune (Score:2)
> Rust is insecure
Nobody said that.
Re: (Score:3)
They should look into rewriting it in Rust. It makes everything more secure.
Re: (Score:2)
It's written mainly in C++ with a lot of shim code written in Perl.
Re: (Score:2)
Oh that's good, Perl is a secure language, after all. You can't have vulnerabilities or exploits in Perl.
Re:New tune (Score:4, Insightful)
A different set of concerns. You have security concerns that may be fundamental to the language, and then there are concerns around the logistics, which may be correlated with the language. This concern is all about the ecosystem logistics.
With C, the unique concern is how it doesn't do anything to help and forces you to micromanage memory bounds and allocation. So a trustworthy developer with trustworthy dependencies is at relatively higher risk of making a security problem through a third party being able to trick executables into accidentally reading and/or writing memory that wasn't meant to be read or written.
With the kernel, C and Rust as far as I can tell have fairly similar logistics, so this isn't too pertinent to concerns that might impact the kernel. So you just have the generally more sane behavior with respect to allocation and boundaries of data structures.
However, Rust like so many others has embraced trivial access to largely uncurated, self-published third-party code. The good news is a quick typing of the name of the library you know and love gets you that library. Bad news is you are one typo away from malicious code. Or for maliciousness to come to the sanctioned package. Node (JavaScript), Rust, Python, and Go all perhaps make it *too* easy to go grab whatever dependency without giving it a thought, in some cases having dependencies loaded at run time instead of build time, leaving the door open for arbitrary injection of third party code at any point. Fundamentally, this is high risk but they are trying to mitigate it. You *can* do a more traditional vetting and careful management of your dependencies with these languages, but the communities will look at you weird for being meticulous when you can just type a quick line in a file or run a quick command and have the nice and fresh dependency you wanted.
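The "one typo away" risk in this comment is what the summary's Typomania tool is meant to catch at the registry side. The following is an added example sketching that check, not Typomania's or the Rust Foundation's code: `POPULAR` is a constructed sample of well-known crate names, and `typo_variants` / `suspected_squat_of` are assumed names for the single-edit generator and the lookup against it.

```rust
// Added example, not Typomania's own code: flag a candidate crate name that is
// one simple typo away from a known popular crate name. POPULAR is sample data.
use std::collections::HashSet;
/// Names a registry would take from its top-downloads list (constructed sample).
pub const POPULAR: &[&str] = &["serde", "tokio", "rand", "regex", "hyper"];
/// Characters valid in crate names that a substitution or insertion may use.
fn alphabet() -> impl Iterator<Item = char> {
    ('a'..='z').chain('0'..='9').chain("-_".chars())
}
/// All names one edit away from `name`: a deletion, an adjacent transposition,
/// a substitution, or an insertion. The original name itself is excluded.
pub fn typo_variants(name: &str) -> HashSet<String> {
    let chars: Vec<char> = name.chars().collect();
    let mut out: HashSet<String> = HashSet::new();
    for i in 0..=chars.len() {
        for c in alphabet() {
            let mut v = chars.clone();
            v.insert(i, c); // insertion ("serde" -> "serdee")
            out.insert(v.iter().collect());
        }
        if i == chars.len() {
            break; // the edits below need an existing character at index i
        }
        let mut v = chars.clone();
        v.remove(i); // deletion ("rand" -> "rnd")
        out.insert(v.iter().collect());
        if i + 1 < chars.len() {
            let mut v = chars.clone();
            v.swap(i, i + 1); // adjacent transposition ("tokio" -> "tokoi")
            out.insert(v.iter().collect());
        }
        for c in alphabet() {
            let mut v = chars.clone();
            v[i] = c; // substitution ("rand" -> "r_nd")
            out.insert(v.iter().collect());
        }
    }
    out.remove(name);
    out
}
/// The popular crate `candidate` looks like a typo of, if any. An exact match
/// with a popular name is not a squat; comparison is case-insensitive.
pub fn suspected_squat_of(candidate: &str, popular: &[&str]) -> Option<String> {
    let cand = candidate.to_ascii_lowercase();
    if popular.contains(&cand.as_str()) {
        return None;
    }
    popular.iter().find(|p| typo_variants(p).contains(&cand)).map(|p| p.to_string())
}
```

A registry would run `suspected_squat_of` at publish time against its real top-downloads list and route hits to a human reviewer rather than rejecting outright, since legitimate names can also sit one edit apart.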
Re: (Score:2)
> However, Rust like so many others has embraced trivial access to largely uncurated, self-published third-party code.
Yeah, that's always the problem, right? Bad engineering decisions and mistakes lead to security flaws.
It's not the language, it's the programmer. A programmer who isn't trying to think of all possibilities that could go wrong, will always write insecure code. In any language.
If you're a "happy path" programmer, you can't write good code.
Re: (Score:2)
> Learn how to be a "happy path" programmer and your code will be clearer, cleaner, safer, more secure, and easier to maintain.
The opposite, actually, because you haven't learned to take multiple complex paths and write them simple and elegantly.
But fortunately, hackers only use the happy path, they've never been the type to try to make your code crash.
Re: New tune (Score:1)
Happy Path like most web frameworks? They are all warm and fuzzy and cute until you actually have to make something useful with them.....