Amazon Web Services gives money for more security of the standard Rust library
AWS wants to use crowdsourcing to examine Rust's standard library for vulnerabilities and undefined behavior.
(Image: iX)
Amazon Web Services (AWS) has launched a competition to verify the security of the Rust standard library. Individual challenges verify different areas of the Rust libraries.
The Rust Foundation, which is responsible for the development of the programming language, is supporting the competition.
Videos by heise
Rust is particularly popular because of its memory safety concepts. The specifications prevent typical memory errors, which are responsible for the majority of vulnerabilities in software.
Unsafe Rust does not have to be unsafe, but it can be.
However, Rust reaches its limits in low-level programming, for example for direct interactions with the operating system. The unsafe keyword exists as a workaround, which, among other things, lifts the ban on dereferencing raw pointers.
Unsafe Rust does not mean that the code is unsafe, but that some memory safety concepts do not apply. For example, dereferencing a raw pointer can lead to undefined behavior if the code does not check the pointer sufficiently beforehand.
In addition to functions marked as unsafe, Rust offers so-called safe abstractions: A function is considered safe even though it contains unsafe code. The function itself is responsible for ensuring that the internal unsafe block does not lead to undefined behavior. A detailed example can be found in the Rust documentation.
There is a lot to do
According to AWS, the Rust standard library has around 35,000 functions, of which 7500 are marked as unsafe. Another 3000 are safe abstractions. In Rust's core library with around 21,000 functions, AWS has 7000 marked as unsafe and an additional 1700 safe abstractions.
In the last three years, 57 issues have been launched on the security of the Rust standard library and there have been 20 CVE (Common Vulnerabilities and Exposures) entries.
The competition launched by AWS relies on crowdsourcing to improve the security of the standard library.
Rewards for completed challenges
A series of challenges serves to check individual areas of the library. AWS pays financial rewards for successfully completed challenges, the amount of which is not specified in the blog post.
As an example of a challenge, the article lists"Challenge 10: Memory safety of String" to check the safe abstraction of the insert function of std::string::String:
pub fn insert(&mut self, idx: usize, ch: char) {
assert!(self.is_char_boundary(idx));
let mut bits = [0; 4];
let bits = ch.encode_utf8(&mut bits).as_bytes();
unsafe {
self.insert_bytes(idx, bits);
}
}This involves verifying the implementation of the insert_bytes function used in the unsafe block:
unsafe fn insert_bytes(&mut self, idx: usize, bytes: &[u8]) {
let len = self.len();
let amt = bytes.len();
self.vec.reserve(amt);
unsafe {
ptr::copy(self.vec.as_ptr().add(idx), self.vec.as_mut_ptr().add(idx + amt), len - idx);
ptr::copy_nonoverlapping(bytes.as_ptr(), self.vec.as_mut_ptr().add(idx), amt);
self.vec.set_len(len + amt);
}
}Each challenge has a list of criteria that must be successfully verified to ensure safety. In its blog post, AWS lists some tools that are suitable for verifying the functions in different ways.
A Rust fork for the tests
For the competition, AWS has created a GitHub repository that contains both the challenges and a fork of the standard library. This fork explicitly does not serve as an alternative to the official Rust releases, but only to carry out the challenges.
Further details can be found on the AWS blog and in the Rust Foundation's announcement.
(rme)
