From 8e50cb884bfe11a45aba6d9cba754c518d0f5c66 Mon Sep 17 00:00:00 2001 From: Disconnect3d Date: Thu, 9 Mar 2023 18:15:11 +0100 Subject: [PATCH 1/4] unstable-book: split sanitizers into testing and production ones The Rust Unstable Book lists compiler sanitizers that can be used in Rust programs. However, it does not say whether it is okay to use certain sanitizers on production or not, which may suggest that its okay to do so. I believe that none of ASAN/TSAN/MSAN/LeakSAN should be used on production. There was an old thread on oss-security that provided more details here: https://www.openwall.com/lists/oss-security/2016/02/17/9 but one example to not use those sanitizers on production is the fact that some of them use environment variables that control things like "path to the binary that will be used to get the symbol names for stack traces". As a result, if a sanitized binary has suid, an attacker can use the specific environment variable to run their own program and escalate their privileges this way. --- .../src/compiler-flags/sanitizer.md | 28 ++++++++++--------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/src/doc/unstable-book/src/compiler-flags/sanitizer.md b/src/doc/unstable-book/src/compiler-flags/sanitizer.md index 262cef3454ad3..14c51df644ebc 100644 --- a/src/doc/unstable-book/src/compiler-flags/sanitizer.md +++ b/src/doc/unstable-book/src/compiler-flags/sanitizer.md @@ -9,20 +9,22 @@ The tracking issues for this feature are: This feature allows for use of one of following sanitizers: -* [AddressSanitizer](#addresssanitizer) a fast memory error detector. -* [ControlFlowIntegrity](#controlflowintegrity) LLVM Control Flow Integrity (CFI) provides - forward-edge control flow protection. -* [HWAddressSanitizer](#hwaddresssanitizer) a memory error detector similar to +* Those intended for testing or fuzzing (but not production use): + * [AddressSanitizer](#addresssanitizer) a fast memory error detector. + * [HWAddressSanitizer](#hwaddresssanitizer) a memory error detector similar to AddressSanitizer, but based on partial hardware assistance. -* [KernelControlFlowIntegrity](#kernelcontrolflowintegrity) LLVM Kernel Control - Flow Integrity (KCFI) provides forward-edge control flow protection for - operating systems kernels. -* [LeakSanitizer](#leaksanitizer) a run-time memory leak detector. -* [MemorySanitizer](#memorysanitizer) a detector of uninitialized reads. -* [MemTagSanitizer](#memtagsanitizer) fast memory error detector based on - Armv8.5-A Memory Tagging Extension. -* [ShadowCallStack](#shadowcallstack) provides backward-edge control flow protection. -* [ThreadSanitizer](#threadsanitizer) a fast data race detector. + * [LeakSanitizer](#leaksanitizer) a run-time memory leak detector. + * [MemorySanitizer](#memorysanitizer) a detector of uninitialized reads. + * [ThreadSanitizer](#threadsanitizer) a fast data race detector. +* Those that apart from testing, may be used on production: + * [ControlFlowIntegrity](#controlflowintegrity) LLVM Control Flow Integrity (CFI) provides + forward-edge control flow protection. + * [KernelControlFlowIntegrity](#kernelcontrolflowintegrity) LLVM Kernel Control + Flow Integrity (KCFI) provides forward-edge control flow protection for + operating systems kernels. + * [MemTagSanitizer](#memtagsanitizer) fast memory error detector based on + Armv8.5-A Memory Tagging Extension. + * [ShadowCallStack](#shadowcallstack) provides backward-edge control flow protection. To enable a sanitizer compile with `-Zsanitizer=address`,`-Zsanitizer=cfi`, `-Zsanitizer=hwaddress`, `-Zsanitizer=leak`, `-Zsanitizer=memory`, From 8ebf8bcad4986efb98d4923ad4e115e54ca47dbd Mon Sep 17 00:00:00 2001 From: Disconnect3d Date: Sat, 25 Mar 2023 16:57:00 +0100 Subject: [PATCH 2/4] Update src/doc/unstable-book/src/compiler-flags/sanitizer.md Co-authored-by: est31 --- src/doc/unstable-book/src/compiler-flags/sanitizer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/doc/unstable-book/src/compiler-flags/sanitizer.md b/src/doc/unstable-book/src/compiler-flags/sanitizer.md index 14c51df644ebc..17a8fcb97eb24 100644 --- a/src/doc/unstable-book/src/compiler-flags/sanitizer.md +++ b/src/doc/unstable-book/src/compiler-flags/sanitizer.md @@ -16,7 +16,7 @@ This feature allows for use of one of following sanitizers: * [LeakSanitizer](#leaksanitizer) a run-time memory leak detector. * [MemorySanitizer](#memorysanitizer) a detector of uninitialized reads. * [ThreadSanitizer](#threadsanitizer) a fast data race detector. -* Those that apart from testing, may be used on production: +* Those that apart from testing, may be used in production: * [ControlFlowIntegrity](#controlflowintegrity) LLVM Control Flow Integrity (CFI) provides forward-edge control flow protection. * [KernelControlFlowIntegrity](#kernelcontrolflowintegrity) LLVM Kernel Control From c1d5639930e38b995e9096cae5a9e06a3d47d0d7 Mon Sep 17 00:00:00 2001 From: Disconnect3d Date: Tue, 8 Aug 2023 23:16:37 +0200 Subject: [PATCH 3/4] Update sanitizer.md --- src/doc/unstable-book/src/compiler-flags/sanitizer.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/doc/unstable-book/src/compiler-flags/sanitizer.md b/src/doc/unstable-book/src/compiler-flags/sanitizer.md index ad4bcc22793c5..7a975840d7b5c 100644 --- a/src/doc/unstable-book/src/compiler-flags/sanitizer.md +++ b/src/doc/unstable-book/src/compiler-flags/sanitizer.md @@ -1,5 +1,10 @@ # `sanitizer` +Sanitizers are tools that help detect and prevent various types of bugs and vulnerabilities in software. +They are available in compilers and work by instrumenting the code to add additional runtime checks. +While they provide powerful tools for identifying bugs or security issues, it's important to note that using sanitizers can introduce runtime overhead and might not catch all possible issues. +Therefore, they are typically used alongside other best practices in software development, such as testing and fuzzing, to ensure the highest level of software quality and security. + The tracking issues for this feature are: * [#39699](https://github.com/rust-lang/rust/issues/39699). From 2646aa28d19dad485f31260c9a6e6be6f486012b Mon Sep 17 00:00:00 2001 From: Disconnect3d Date: Tue, 8 Aug 2023 23:44:35 +0200 Subject: [PATCH 4/4] Update sanitizer.md --- src/doc/unstable-book/src/compiler-flags/sanitizer.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/doc/unstable-book/src/compiler-flags/sanitizer.md b/src/doc/unstable-book/src/compiler-flags/sanitizer.md index 7a975840d7b5c..1fb9d6b378d24 100644 --- a/src/doc/unstable-book/src/compiler-flags/sanitizer.md +++ b/src/doc/unstable-book/src/compiler-flags/sanitizer.md @@ -1,8 +1,8 @@ # `sanitizer` -Sanitizers are tools that help detect and prevent various types of bugs and vulnerabilities in software. -They are available in compilers and work by instrumenting the code to add additional runtime checks. -While they provide powerful tools for identifying bugs or security issues, it's important to note that using sanitizers can introduce runtime overhead and might not catch all possible issues. +Sanitizers are tools that help detect and prevent various types of bugs and vulnerabilities in software. +They are available in compilers and work by instrumenting the code to add additional runtime checks. +While they provide powerful tools for identifying bugs or security issues, it's important to note that using sanitizers can introduce runtime overhead and might not catch all possible issues. Therefore, they are typically used alongside other best practices in software development, such as testing and fuzzing, to ensure the highest level of software quality and security. The tracking issues for this feature are: