Can binaries written in rust be exploited?


#1

Since rust is a robust programming language that prevents memory leaks ,can rust binaries suffer from buffer overflow exploits or ROP? (It cannot…I guess :slight_smile: )

Thank you.


#2

The answer is a bit nuanced. Safe Rust should be memory safe and thus some classes of memory violation based exploits should not be possible. However, most non-trivial codebases will have some unsafe code - some more than others, depending on the domain. Unsafe code is easily found in a codebase thanks to it being clearly demarcated with the “unsafe” keyword. This is good for auditing since most energy can be spent there. However, attackers can also easily find these places and focus their energy on finding holes in them.


#3

This reply answers your title(whether Rust binaries can be exploited), but not the question you wrote within the post(whether Rust binaries are vulnerable to memory related exploits), so take it what you will.

But I think it’s worth mentioning so people don’t get a false sense of security maybe.

Just to add onto what @vitalyd said, even in safe Rust, the compiler cannot verify your concurrency/parallelism designs either, so you can still get bugs from invalid designs which may be exploitable. Examples would be things like race condition bugs(e.g. DirtyCow of Linux kernel), where use of the concurrency primitives do not necessarily prevent logical errors related to parallel execution of codes.

TL;DR : Rust cannot by itself save you from TOCTTOU bugs.


#4

Another thing to mention is Rust won’t help save you from yourself. For example, I could write a program that takes in user input and then executes it using std::process::Command without first validating the user isn’t doing anything funny.

I’ve tried cracking Rust binaries in the past and it’s a lot harder than something written in C. Rust is memory safe by default and most uses of unsafe are carefully audited, so the usual memory abuse tricks (buffer overflow, printf format strings, specially-crafted strings etc) won’t really work. You usually need to take advantage of incorrect logic or higher-level issues.


#5

That’s roughly what happened in the Equifax breach and that was Java.


#6

I guess no one among us can really save us from ourselves then.

:c