1 change: 1 addition & 0 deletions src/en/SUMMARY.md
@@ -6,6 +6,7 @@

- [Development environment](devenv.md)
- [Libraries](libraries.md)
- [Compilation](compilation.md)

# Language

45 changes: 45 additions & 0 deletions src/en/compilation.md
@@ -0,0 +1,45 @@
---
references:
- DOI: 10.1145/3418898
ISSN: 2471-2566
url: https://doi.org/10.1145/3418898
author:
- family: Papaevripides
given: Michalis
- family: Athanasopoulos
given: Elias
container-title: ACM Trans. Priv. Secur.
id: mixed-bins
issue: '2'
issued:
date-parts:
- - 2021
- 1
keyword: CFI, Go, Memory safety, Rust, SafeStack
publisher: Association for Computing Machinery
publisher-place: New York, NY, USA
title: Exploiting Mixed Binaries
type: article-journal
volume: '24'
---

# Compilation

## Hardening and Mixed Binaries

_Hardening_ refers to mechanisms applied during compilation to reduce the impact
or exploitability of certain memory safety defects. In the case of Rust, these
hardening techniques are generally less relevant (except for `unsafe` code).
However, the question arises again in the context of mixed software, that is,
software containing components written in Rust and components written in one or
more languages that do not guarantee memory safety. Indeed, it has been shown (see for instance [@mixed-bins])
that Rust code can be used to bypass hardening applied to vulnerable C code.

<div class="reco" id="COMP-MIXED" type="Recommendation" title="Enable hardening for all languages in a mixed-language application">

When developing a secure application that includes components in multiple
languages, the compilation of all components (including Rust ones) should apply
hardening techniques to limit the exploitability of vulnerabilities present in
components written in languages that do not guarantee memory safety.

</div>
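
Review bot: the COMP-MIXED recommendation and the paragraph above it never say which hardening mechanisms are meant, so a reader cannot tell what to enable or how to check it; the only hint in this file is the front-matter `keyword:` entry (CFI, SafeStack). Consider naming the mechanisms in scope in the paragraph under "Hardening and Mixed Binaries", or linking to where they are documented. Two smaller points: the line ending `(see for instance [@mixed-bins])` is not wrapped at the width used by the rest of the file, and this file has no references section while src/fr/compilation.md ends with `### Références`, so the two translations should be aligned one way or the other.
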
1 change: 1 addition & 0 deletions src/fr/SUMMARY.md
@@ -6,6 +6,7 @@

- [Environnement de développement](devenv.md)
- [Bibliothèques](libraries.md)
- [Compilation](compilation.md)

# Langage

51 changes: 51 additions & 0 deletions src/fr/compilation.md
@@ -0,0 +1,51 @@
---
references:
- DOI: 10.1145/3418898
ISSN: 2471-2566
url: https://doi.org/10.1145/3418898
author:
- family: Papaevripides
given: Michalis
- family: Athanasopoulos
given: Elias
container-title: ACM Trans. Priv. Secur.
id: mixed-bins
issue: '2'
issued:
date-parts:
- - 2021
- 1
keyword: CFI, Go, Memory safety, Rust, SafeStack
publisher: Association for Computing Machinery
publisher-place: New York, NY, USA
title: Exploiting Mixed Binaries
type: article-journal
volume: '24'
---

# Compilation

## Durcissement et binaires mixtes

Les _durcissements_ sont des mécanismes mis en place pendant la compilation
permettant de réduire l'impact ou l'exploitabilité d'un certain nombre de défaut
de sûreté mémoire. Dans le cas de Rust, ces durcissements n'ont pas beaucoup
d'intérêt (hors code _unsafe_). Toutefois, la question se pose de nouveau dans
le cas de logiciel mixte, c'est-à-dire contenant des composants écrits en Rust
et des composants écrits dans un ou les langages n'assurant pas la sûreté
mémoire. En effet, il a été montré (par exemple dans [@mixed-bins]) que du code Rust peut être utilisé pour
contourner des durcissements d'un code C vulnérable.

<div class="reco" id="COMP-MIXED" type="Recommandation" title="Activer les durcissements pour tous les langages d'un logiciel mixte">

Dans le cadre du développement d'une application sécurisée comportant des
composants dans plusieurs langages, les compilations des composants (y compris
Rust) devraient appliquer des durcissements de manière à limiter
l'exploitabilité des vulnérabilités présents dans les composants dont le
langage n'assure pas la sûreté mémoire.

</div>

### Références

- _Exploiting Mixed Binaries_, Michalis Papaevripides, Elias Athanasopoulos, <https://dl.acm.org/doi/10.1145/3418898>
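
Review bot: three agreement errors in the French prose should be fixed before merge: `nombre de défaut` needs the plural `défauts`, `un ou les langages` should read `un ou plusieurs langages`, and `vulnérabilités présents` should be `présentes`. The `### Références` section at the end also repeats the front-matter `references:` entry with a different URL (dl.acm.org here, doi.org in the front matter) and has no counterpart in src/en/compilation.md; keep a single source for the citation and make both languages match. The line containing `[@mixed-bins]` is also left unwrapped, and `_unsafe_` is italicised here while the English text uses code formatting for the same keyword.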