Skip to content

add mixed binary hardening rule #82

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

add mixed binary hardening rule #82

wants to merge 2 commits into from

Conversation

polazarus
Copy link
Contributor

open question: should the guide includes current hardening options?

closes #72

polazarus
polazarus commented Aug 5, 2025
View reviewed changes
src/fr/02_devenv.md Outdated
mémoire. En effet, il a été montré que du code Rust peut être utilisé pour
contourner des durcissements d'un code C vulnérable.

> ** Règles {{#check DENV-MIXED | Activer les durcissements pour tous les langages d'un logiciel mixte}}**
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-s

@hg-anssi
Copy link
Contributor

hg-anssi commented Aug 6, 2025

@polazarus : could you rebase your commit on top of PR #83 ?

@hg-anssi hg-anssi mentioned this pull request Aug 6, 2025
Merged
hg-anssi
hg-anssi reviewed Aug 6, 2025
View reviewed changes
src/fr/02_devenv.md Outdated
particuliers. Nous en discutons dans les chapitres suivants en fonction de leurs
portées et de leurs objectifs.

## Durcissement et binaires mixtes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@polazarus : Maybe this should be added to the FFI part ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know. It should be enabled in product that do not directly use FFI... My understanding is that if a programmer does not use FFI, it should not have to look at the FFI section.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In which cases can mixed binaries be used without FFI?

@polazarus polazarus force-pushed the mixed-binary-hardening branch from 3d4d580 to 3a3d703 Compare August 12, 2025 14:42
@polazarus
Copy link
Contributor Author

polazarus commented Sep 2, 2025
edited
Loading

  • mettre un paragraphe hardening global avec une Recommandation de durcissement, en présence de code unsafe propre ou tiers
  • changer la règle en warning
  • ajouter un exemple simple

https://doc.rust-lang.org/beta/rustc/exploit-mitigations.html#stack-clashing-protection

@hg-anssi
Copy link
Contributor

hg-anssi commented Sep 5, 2025

Here are some questions of mine regarding the subject of mixed binaries with hardening for the guide:

  • This rule does not seem to be a Rust specificity
  • However, it could be interesting to give some good practices to bypass attacks for the specific case of rust (function pointer)
    • Something similar is already written is the FFI part of the guide
  • I think the problem of mixed binary should only be study in the "direction" Rust from C because
    • calling C function from Rust is unsafe, and thus is clearly tagged as dangerous by the unsafe annotation,
    • calling C from Rust has the same constraints than any other language calling C regarding preservation of hardening
  • Thus I think that mixed binaries created by crates which bind to C library may not be study in this guide regarding the problem of hardening, since the constraints they have are not specific to Rust
  • On the contrary, calling Rust from C, even though it involves the same requirements as any other language called from C, is interesting to study because the harmfulness of inclusion contrasts with the feeling of security provided while writing safe Rust code.

For these reasons, I think that the rules concerning the hardening of mixed binaries should be included in the FFI sections, possibly in the form of additional points insisting on the existing rules (such as the FFI-MARKEDFUNPTR rule, for example).

@hg-anssi hg-anssi force-pushed the mixed-binary-hardening branch 5 times, most recently from f580011 to 7912626 Compare September 15, 2025 09:21
@hg-anssi hg-anssi force-pushed the mixed-binary-hardening branch from 35d5184 to 0645c1d Compare September 18, 2025 09:53
@hg-anssi hg-anssi force-pushed the mixed-binary-hardening branch 5 times, most recently from 640fc82 to 2e65294 Compare October 2, 2025 12:53
@hg-anssi hg-anssi force-pushed the mixed-binary-hardening branch 4 times, most recently from 639e5ed to 5fb1a93 Compare October 9, 2025 07:09
@hg-anssi hg-anssi force-pushed the mixed-binary-hardening branch from 5fb1a93 to be4314a Compare October 10, 2025 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hg-anssi hg-anssi hg-anssi left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Warn about mixed binaries

2 participants

@polazarus @hg-anssi