help3007

It's UWAweek 17 (1st semester, week 8)

help3007

This forum is provided to promote discussion amongst students enrolled in CITS3007 Secure Coding. If posting a question, it's suggested you check first whether your question is answered in the unit Frequently Asked Questions (FAQ) list, and use the search box (on the right) to see if an answer to your question has already been posted.

Please consider offering answers and suggestions to help other students! And if you fix a problem by following a suggestion here, it would be great if other interested students could see a short "Great, fixed it!" followup message.

Note that any posts must comply with the UWA Code of Conduct and the UWA Academic Conduct Policy. That means you should (a) treat everyone with respect and courtesy, and (b) not post your solutions to an assessment that's in progress.

If asking a programming question, it's recommended you read How do I ask a good question? If reporting or troubleshooting a bug in software used in the unit, it's recommend you read How to report bugs effectively.

Displaying selected article

Showing 1 of 42 articles.
Currently no other people reading this forum.

UWA week 9 (1st semester, week 1) ↓

trivia Undefined behaviour and security bugs in Rust code

6:15pm Thu 29th Feb, Arran S.

Hi all,

In yesterday's lecture I was asked if using a systems programming language like Rust could help avoid some of the security bugs that are often seen in C code. I mentioned that it can indeed help – but it's important to note that it's still possible for Rust programs and libraries to abruptly abort, segfault, or display undefined behaviour.

By default when you access an array element in Rust, Rust performs a "checked" access – it makes sure the element you're accessing is within bounds, and aborts if it is not.

However, if you know that the element is within bounds, you can also make an "unchecked" array access, in which case Rust skips the bounds check. This is typically done for performance reasons – if you're making many array accesses within a tight loop, all the checks will slow your program down, so you may choose to make unchecked accesses instead. The problem is, if your reasoning is wrong, and the array index was actually out of bounds, then you've caused undefined behaviour, with much the same results as in C.

(There are also other reasons why you might have to use "unsafe" or "unchecked" features of Rust – common reasons are because you're writing your own optimised data structures, or need to interact with C code.)

An example of a security vulnerability arising from undefined behaviour in Rust code is this one, listed on the (US) National Vulnerability Database. There's no need to read it unless you're interested, but the vulnerability arises because arguments to one Rust function weren't checked for validity, and could results in out-of-bounds array access. (The "fix" is that the function is now flagged as "unsafe", with documentation stating that it's the caller's responsibility to use it in the correct manner.)

Also, even if memory problems are avoided, it's still possible to cause security vulnerabilities in Rust code due to poor design or mistakes in implementation (e.g. this issue) – memory-safe languages can prevent some problems, but they can't turn a fundamentally insecure design or bad implementation into a good one.

Cheers!

Arran

help3007 articles all ANNOUNCEMENTS recent articles login to post a new article tagged articles (40 / 50) the unit in general (5) software security in the news (1) lectures (4) labs (19) tests and quizzes (8) trivia (3) help3007 topics from today and yesterday from the past week from the past two weeks ALL topics, most recent first	login chapter0 unitinfo research projects csforum csse-feedback csbreakdown cssubmit csmarks 1st semester help fora Computer Networks Data Structures and Algorithms Graphics and Animation Mobile and Wireless Computing Object Oriented Programming Open Source Tools and Scripting Software Requirements and Design Software Testing and Quality Assurance