I just became a member of the Rust compiler team. Thank you for having me on the team! Much appreciated, and super happy for it
https://t.co/jA7XeUTN8t
@standa_t@rcvalle This is why we've been helping fund the development of gccrs (Rust front-end for gcc) since 2021: https://t.co/3j2nOKpFpM What's mentioned in Ramon's blog is great work, but only solves the CFI subset of the larger "mixed binary" problem, and only within the LLVM ecosystem.
Porting part of a C/C++ program into Rust can make the program less secure.
It has been known for quite some time but was new to me. Great read and work driven by @rcvalle
https://t.co/J4goh3Y229
Read one of the linked papers for more details.
17th edition of H2HC Magazine (the one that we've distributed printed to attendees at H2HC 20th) is finally online, with articles in English as well (Attacking the Linux Kernel Free List Hardening & LLVM Rust CFI): https://t.co/DLfV56HIpt
Want to know how we are working with the Rust community to add LLVM CFI and cross-language LLVM CFI to the Rust compiler? Eliminating the most critical instances of cross-language attacks in mixed-language binaries (cont) https://t.co/Ya8KIdgCA1
Last Saturday I talked at @h2hconference and shared the results of working with the Rust community to add LLVM CFI and cross-language LLVM CFI to the Rust compiler...
This eliminates the most critical instance of cross-language attacks in mixed-language binaries, helping not only Google, but also the industry with secure Rust adoption.
Here is the article/blog post for my talk at #H2HC:
https://t.co/fC54V6l9gF
@spendergrsec I don't think it's properly fixed yet. I made a note more recently about it, which was the last time I looked at it, at https://t.co/CXEICxScg0