It's UWAweek 47

help3007

This forum is provided to promote discussion amongst students enrolled in CITS3007 Secure Coding. If posting a question, it's suggested you check first whether your question is answered in the unit Frequently Asked Questions (FAQ) list, and use the search box (on the right) to see if an answer to your question has already been posted.

Please consider offering answers and suggestions to help other students! And if you fix a problem by following a suggestion here, it would be great if other interested students could see a short "Great, fixed it!"  followup message.

Note that any posts must comply with the UWA Code of Conduct and the UWA Academic Conduct Policy. That means you should (a) treat everyone with respect and courtesy, and (b) not post your solutions to an assessment that's in progress.

If asking a programming question, it's recommended you read How do I ask a good question? If reporting or troubleshooting a bug in software used in the unit, it's recommend you read How to report bugs effectively.
Displaying selected article
Showing 1 of 170 articles.
Currently 31 other people reading this forum.


 UWA week 9 (1st semester, week 1) ↓
SVG not supported

Login to reply

👍x1
helpful

Hi all,

In yesterday's lecture I was asked if using a systems programming language like Rust could help avoid some of the security bugs that are often seen in C code. I mentioned that it can indeed help – but it's important to note that it's still possible for Rust programs and libraries to abruptly abort, segfault, or display undefined behaviour.

By default when you access an array element in Rust, Rust performs a "checked" access – it makes sure the element you're accessing is within bounds, and aborts if it is not.

However, if you know that the element is within bounds, you can also make an "unchecked" array access, in which case Rust skips the bounds check. This is typically done for performance reasons – if you're making many array accesses within a tight loop, all the checks will slow your program down, so you may choose to make unchecked accesses instead. The problem is, if your reasoning is wrong, and the array index was actually out of bounds, then you've caused undefined behaviour, with much the same results as in C.

(There are also other reasons why you might have to use "unsafe" or "unchecked" features of Rust – common reasons are because you're writing your own optimised data structures, or need to interact with C code.)

An example of a security vulnerability arising from undefined behaviour in Rust code is this one, listed on the (US) National Vulnerability Database. There's no need to read it unless you're interested, but the vulnerability arises because arguments to one Rust function weren't checked for validity, and could results in out-of-bounds array access. (The "fix" is that the function is now flagged as "unsafe", with documentation stating that it's the caller's responsibility to use it in the correct manner.)

Also, even if memory problems are avoided, it's still possible to cause security vulnerabilities in Rust code due to poor design or mistakes in implementation (e.g. this issue) – memory-safe languages can prevent some problems, but they can't turn a fundamentally insecure design or bad implementation into a good one.

Cheers!

Arran

The University of Western Australia

Computer Science and Software Engineering

CRICOS Code: 00126G
Written by [email protected]
Powered by history
Feedback always welcome - it makes our software better!
Last modified  8:08AM Aug 25 2024
Privacy policy