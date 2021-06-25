



Google is funding the Internet Security Research Group (ISRG) to sponsor the Rust for Linux organization. Money is raised from laGOOG’s bottomless financial resources to pay Miguel Ojeda as a full-time developer.

The idea is to create some new Linux components in the Rust language (think drivers, etc.). It is also possible to rewrite dangerous C code in this up-and-coming memory-safe language.

Get off my lawn with this month’s trendy flavors. In this week’s Security Blogwatch, we’ll see if you should believe in hype.

Your humble blogwatcher has curated a bit of these blogs for your entertainment. Needless to say, what is the future of the cloud?

Rusted aggression

What is Craic? Jim Salter reports that ISRG wants to use Rust to make the Linux kernel memory safe.

ISRGparent [of the] The Let’s Encrypt project has provided prominent developer Miguel Ojeda with a one-year contract to work on Rust in Linux and other security efforts. Efforts to make Rust a viable language for Linux kernel development began at the 2020 Linux Plumbers conference, and ideas from Linus Torvalds himself were accepted.

Using Rust in new kernel code may reduce the number of bugs in the kernel. Rust does not allow developers to create the possibility of buffer overflows, which is a significant source of complex C code security issues.

ISRG works closely with Google engineer Dan Lorenc, and financial support from Google itself is essential to sponsoring Ojeda’s ongoing work. Ojeda’s work is the first project sponsored under the ISRG Prossimo banner, but it is not the first step the organization has taken to make memory more secure. Previous initiatives include a memory-safe TLS module for Apache web servers, a memory-safe version of the curl data transfer utility, and rustlsa memory-safe instead of ubiquitous OpenSSL.

Speaking of Google, Stephen Shankland says Google is backing the Linux project.

Google [is] Fund a project to enhance the security of Linux by creating part of the core of the operating system in the Rust programming language. Google is paying for the contract and the contract is [ISRG]..

Such changes will indicate major technological and cultural changes [in Linuxa] Google’s Android and Chrome operating systems, and the projects that underlie the vast Internet. Adding the Rust module to the Linux kernel closes some of the means available to hackers and improves security.

Google has already taken early steps to make Rust for Linux Android available. Getting the highest level of approval for a Linux kernel project means that it can also benefit many other software projects. The goal of the Linux on Rust project is not to replace all of the Linux C code, but to improve selective and new parts.

but why? Josh Aas, Executive Director of ISRG, explains support for Miguel Ojedas’ Rust work in the Linux kernel:

Given which code is most important to the Internet today, the Linux kernel is at the top of the list. Bringing memory safety to the Linux kernel is a big task, but the Rust for Linux project has made great strides. We have seen Miguel work with great interest.

The Linux kernel is at the heart of the modern Internet, from servers to client devices. It is at the forefront of processing network data and other forms of input.

Vulnerabilities in the Linux kernel can have a variety of implications and compromise the security and privacy of people, organizations, and devices. Since it is mainly written in C language, there are always concerns about memory safety vulnerabilities such as buffer overflows and post-free use. [With Rust] You can completely eliminate memory safety vulnerabilities.

ISRG is a 501 (c) (3) non-profit organization behind Prossimo and Lets Encrypt. We are 100% supported by the generosity of those who share our vision for ubiquitous and open internet security.

Is this a good idea? clank75 says “yes”.

I’ve been programming Rust [work] I have to say that I’m a fan for about a year now. There is definitely a learning curve, but it’s worth it.

However, there are some issues with the state of the framework. Rather than their lack, they are proliferative, and they are almost all immature, fast-moving targets with unstable APIs. This leads especially to the Rust-style dependency hell. This is probably not a problem for things like Linux kernel development.

Overall, raise two thumbs. Rust is suitable for the kernel. The more developers who use Rust, the better it is for Rust.

But lkcl says “no”, “no”, “three times no”.

It doesn’t matter how good Rust is. This is a very bad idea. All developers should learn 1) Rust’s secure programming techniques 2) C’s secure programming techniques 3) Rust’s best kernel practices 4) C’s best kernel practices.

Not only that, Rust is a moving target.And what’s worse [it] It relies on a distribution system that is not properly linked to the Web-of-trust.

wait. Pause. Did you think Google was in love with Go? mrweasel finds it strange:

It was a bit weird for a while, every time someone says Go youd get, you should try Rust. The two camps seem to have decided that the two languages ​​are aimed at different types of developers, and there is a place for both.

But isn’t the memsafe language badly restricted? This is not always the case, but Dave Simmons argues:

Rust is usually safe unless you mark a section of code as unsafe because you need to do something unsafe. Some built-in libraries are in safe block because they cannot be put into safe mode.

It is better than C / C ++ because it is safe by default. You need to explicitly say that you want to do something unsafe. That way, you can test these sections of your code more thoroughly.

Logic-based validation of code at the scale of a complete application is not yet practical, but if you can limit insecure code to small parts, you may be able to verify that those parts are correct.

Of course horse, eh? Heres ArmoredDragon:

I’ve seen C programmers claim that it’s easy to circumvent security vulnerabilities simply by better planning your code. I’ve also seen C programmers complain about Rust because they need to plan their code better.

A feature of Rust is to ensure that C does not make certain types of mistakes that provide a zero guarantee. At best, you can have a compiler that performs code analysis to look for bugs, but there is no guarantee.

In the meantime, are you old enough to think about what bubbasnmps are thinking?

One of the main benefits of using Rust is that it never sleeps. What is the lesson of the story?

What to see. And if you’re already looking at Rust, this may be the moment you cross that ditch.

And finally

Will Rust replace Go after replacing C?

Before and at the end

You are reading the Security Blogwatch by Richi Jennings. Richi manages the best blogs, the best forums, and the weirdest websites, so you don’t have to. Harassment emails may be sent to @ RiCHi or [email protected] Talk to your doctor before reading. Your mileage may vary. E & OE. 30.

This week’s zomgsauce: Diego Delso / delso.photo (cc: by-sa)

