Stream: wg-secure-code

Topic: hello


Welcome Bot (Oct 16 2018 at 22:19, on Zulip):

Welcome to #wg-secure-code.

Description: Secure code working group https://github.com/rust-secure-code/wg/

nikomatsakis (Oct 16 2018 at 22:20, on Zulip):

@Joshua Liebow-Feeser done

nikomatsakis (Oct 16 2018 at 22:20, on Zulip):

I'll add this to the "default streams", but existing users will have to add themselves

nikomatsakis (Oct 16 2018 at 22:20, on Zulip):

(or you can add them)

nikomatsakis (Oct 16 2018 at 22:20, on Zulip):

(I always put all streams in the default set, because people get confused otherwise)

Joshua Liebow-Feeser (Oct 16 2018 at 22:21, on Zulip):

Alright, thanks so much! Is there a notion of being a mod in a particular stream? I know Ashley wanted somebody to be able to mod this stream.

nikomatsakis (Oct 16 2018 at 22:21, on Zulip):

hmm, I don't know precisely how that works. I can add some set of folks as Zulip admins if nothing else

nikomatsakis (Oct 16 2018 at 22:22, on Zulip):

@Joshua Liebow-Feeser can you ping me about that tomorrow? I gotta run now =)

Joshua Liebow-Feeser (Oct 16 2018 at 22:22, on Zulip):

Will do!

Tony Arcieri (Oct 16 2018 at 22:33, on Zulip):

hi everyone

Tony Arcieri (Oct 16 2018 at 22:33, on Zulip):

looks like the Zulip native app doesn't work with Google Auth + Advanced Protection :cry:

Stuart Small (Oct 16 2018 at 22:34, on Zulip):

Howdy

Tony Arcieri (Oct 16 2018 at 22:34, on Zulip):

let's try GitHub instead

Tony Arcieri (Oct 16 2018 at 22:36, on Zulip):

that worked

Zach Reizner (Oct 16 2018 at 22:44, on Zulip):

Hi, I heard about the Rust secure code working group from Alex Gaynor and I was wondering if this is the best place (and the github group) to follow along?

Joshua Liebow-Feeser (Oct 16 2018 at 22:44, on Zulip):

It is indeed.

Zach Reizner (Oct 16 2018 at 22:47, on Zulip):

Thanks

Joshua Liebow-Feeser (Oct 16 2018 at 22:52, on Zulip):

np

Zach Reizner (Oct 16 2018 at 22:55, on Zulip):

Just to introduce myself, I'm a core developer of crosvm, a virtual machine monitor written in Rust. Because it communicates directly with untrusted guest operating systems, it acts as a security boundary.

Tony Arcieri (Oct 16 2018 at 23:06, on Zulip):

I'm Tony Arcieri. I'm cofounder of https://iqlusion.io and formerly worked on the Square security team. My most notable Rust projects are (by crate name) miscreant: an AES-SIV/AES-PMAC-SIV library, signatory: a multi-provider digital signature library, and yubihsm: a pure Rust YubiHSM2 client library

Joshua Liebow-Feeser (Oct 16 2018 at 23:10, on Zulip):

I'm Joshua Liebow-Feeser. I'm on the security team for Google's Fuchsia OS. My most notable Rust projects are probably the elfmalloc allocator suite (https://github.com/ezrosent/allocators-rs), but more recently, I've been working on lots of utility crates to save programmers from having to write unsafe. I'm talking about some of that stuff at Rust Belt Rust this week.

Tony Arcieri (Oct 16 2018 at 23:12, on Zulip):

this crate might be of interest to some of you: a cross-platform secure memory zeroing crate. It's the sort of thing I think could be turned into an RFC. also I'd be interested in adding Fuchsia support if you can point me in the right direction: https://crates.io/crates/zeroize

Joshua Liebow-Feeser (Oct 16 2018 at 23:12, on Zulip):

Let's go full Zulip and pull this into a new topic.

Tony Arcieri (Oct 16 2018 at 23:13, on Zulip):

there are several crates which do that sort of thing but to my knowledge ^^^ is the only one that exclusively uses either OS or LLVM (on nightly) intrinsics to do secure zeroing

Tony Arcieri (Oct 16 2018 at 23:13, on Zulip):

haha great, although I have to run

Stuart Small (Oct 17 2018 at 01:01, on Zulip):

Since we are doing introductions: I'm Stuart Small. I work at Threat X (threatx.com). We are a WAF vendor that is out to make deploying WAFs a pain-free, productive process and not just another compliance check box. Our back end is almost completely written in Rust.

Jake Goulding (Oct 17 2018 at 01:55, on Zulip):

It's clearly unacceptable to have both @Stuart Small's and @Joshua Liebow-Feeser's avatars. I'll never be able to remember who is who.

Zach Reizner (Oct 17 2018 at 01:56, on Zulip):

It's clearly unacceptable to have both @Stuart Small's and @Joshua Liebow-Feeser's avatars. I'll never be able to remember who is who.

I'm really glad that I wasn't the only one thinking that.

Stuart Small (Oct 17 2018 at 01:57, on Zulip):

That's baby's first computer back in the long long ago.

Alex Gaynor (Oct 17 2018 at 02:00, on Zulip):

:wave: I'm Alex. I do security for Firefox at Mozilla (primarily sandboxing, but also exploit mitigation and such). I'm also one of the primary developers of the Python Cryptographic Authority family of libraries and I'm on the Python Security Response Team. I also do a bunch of random security research on open source projects (e.g. helping projects integrate with OSS-Fuzz).

Zach Reizner (Oct 17 2018 at 02:02, on Zulip):

Hi Alex. Thanks for showing me this group.

Jake Goulding (Oct 17 2018 at 02:03, on Zulip):

@Stuart Small oh no, I was kidding! Now I feel bad.

Stuart Small (Oct 17 2018 at 02:05, on Zulip):

LOL don't!

Shnatsel (Oct 18 2018 at 19:56, on Zulip):

I'm Sergey Davidoff. My day job is not related to security - I got hired by Google, going to work on Kubernetes starting November.
My involvement in Rust was mostly about fuzzing all the things and blogging about it. You might remember me by "Auditing popular crates: how a one-line unsafe has nearly ruined everything" post. My blogging has inspired https://github.com/blt/bughunt-rust among other things. I've also written libdiffuzz, the security-oriented substitute for Memory Sanitizer.

Bujiraso (Oct 19 2018 at 10:17, on Zulip):

very new to Zulip. Testing out replying in a thread. Hey all

Shnatsel (Nov 04 2018 at 10:58, on Zulip):

Just a heads-up: I've relocated to Warsaw permanently, and will be at Zurich 6th to 10th of November and also sometime at the end of November for a week. Will mostly be hanging out near Google offices in both cities. If you want to meet up and chat, let me know!

brycx (Nov 05 2018 at 22:15, on Zulip):

Hi, I'm Louis (and late to the party). I'm an undergrad with interests in security(duh)/cryptography. The amount of work I can contribute is most likely slim (I've read through some of the streams, much is over my head atm), but I'll call out if I see something I can be of help with.

Zach Reizner (Nov 05 2018 at 22:18, on Zulip):

You're the Orion author, right? Welcome aboard :sailboat:

brycx (Nov 05 2018 at 22:24, on Zulip):

That I am :slight_smile: and thank you!

brycx (Nov 05 2018 at 22:35, on Zulip):

TBH, I'm somewhat flattered you've even heard of it

Zach Reizner (Nov 05 2018 at 22:42, on Zulip):

I just so happen to have been looking for some decent nacl/libsodium implementations for Rust.

brycx (Nov 05 2018 at 22:47, on Zulip):

Which did you end up with?

Zach Reizner (Nov 05 2018 at 22:47, on Zulip):

I have not finished deciding. Do you have a favorite?

brycx (Nov 05 2018 at 22:54, on Zulip):

If you don't mind wrappers then I'd suggest sodiumoxide, which is the only libsodium Rust lib I know of that is used in production. Currently being used by Wire for their Axolotl protocol implementation "Proteus". "Proteus" has been audited and that led to some parts of sodiumoxide being audited too. In terms of pure-Rust, I actually think orion is the only lib to offer the XChaCha20Poly1305 AEAD (sodiumoxide does, but not in the version published on crates.io), but of course it always depends on what you need.

DPC (Nov 06 2018 at 19:12, on Zulip):

@brycx yeh we are a bit behind on releasing stuff and moving things forward. If anyone wants to join in and help us let me know :)

brycx (Nov 06 2018 at 20:55, on Zulip):

I might actually consider it myself. I've been meaning to get my feet wet with some FFI anyway. I'll take a look at the issues and see if something is up my alley.

Shnatsel (Nov 06 2018 at 20:58, on Zulip):

I believe @Joshua Liebow-Feeser has a crate that's public but not yet announced that provides safe abstractions for many common unsafe operations

brycx (Nov 06 2018 at 21:01, on Zulip):

I think @DPC was talking about sodiumoxide.

DPC (Nov 06 2018 at 21:01, on Zulip):

yep I was :D

Zach Reizner (Nov 06 2018 at 21:04, on Zulip):

Do crypto libraries fall under the purview of wg-secure-code? I ask because I was about to break sodiumoxide into a separate stream.

brycx (Nov 06 2018 at 21:08, on Zulip):

I actually think they were specifically decided to be out-of-scope https://internals.rust-lang.org/t/proposal-security-working-group/8282/134 :sweat:

DPC (Nov 06 2018 at 21:08, on Zulip):

we have our own gitter channel though. So anyone interested can join us there. https://gitter.im/rust-sodiumoxide/Lobby

Joshua Liebow-Feeser (Nov 06 2018 at 21:58, on Zulip):

@brycx If you're interested in FFI, you might want to check out what we've done in Mundane. It's internal right now, but I've had on the back burner the idea of factoring the FFI stuff out into its own crate. I'm not going to get around to it any time soon, so if you'd like to work on that, that'd be awesome! See here for details on how we do it: https://github.com/google/mundane/blob/master/src/boringssl/mod.rs

brycx (Nov 06 2018 at 22:22, on Zulip):

I actually stumbled across Mundane while searching for some test vectors for my own project. Didn't know Mundane needed work. It's nice that it's interfacing with BoringSSL, might even be that I can look at ring's FFI for reference to get an easier start on it (still going to take me a decent amount of time anyway I think). I'll definitely be looking further into this. Thanks @Joshua Liebow-Feeser.

Joshua Liebow-Feeser (Nov 06 2018 at 22:27, on Zulip):

np!

Tony Arcieri (Nov 13 2018 at 14:33, on Zulip):

can still talk about crypto libraries :wink: oh look, here's one https://joshlf.com/post/2018/11/06/introducing-mundane/

DevQps (Mar 13 2019 at 09:47, on Zulip):

Assuming the reason that this channel is called hello is for saying hello: Hello! :) I just graduated from my master's in Computer Science with a specialization in cyber security. I have been learning Rust for the past 3/4 months and I really love the language. Then I saw this Working Group fly by and I thought: Maybe I can be of any assistance here? Can you guys maybe point me to the right things to get up to date with everything? Thanks in advance!

Shnatsel (Mar 13 2019 at 19:25, on Zulip):

Hey @DevQps! We have a roadmap post for this year with lots and lots of links, it should get you up to speed: https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39

DevQps (Mar 13 2019 at 19:32, on Zulip):

Thanks! I was off the whole midday, so I actually already read through the entire post and crawled all the links haha. It really was interesting! Do you suggest reading through the topics inside this Stream and joining the crew at one I like? Or do you have any particular areas or topics in mind that could use an extra brain? EDIT: I read somewhere that you were the author, so kudos for writing it as well. It's really nice in my opinion.

Shnatsel (Mar 13 2019 at 19:57, on Zulip):

If you want to do something useful to the community without committing to a big project, I'd start here: https://github.com/rust-secure-code/wg/issues/19
Just find a crate you like that has unsafe code in it and see what you can do about removing that.

Shnatsel (Mar 13 2019 at 19:59, on Zulip):

If you can't pick a project, https://github.com/PistonDevelopers/image is probably a good start - it has some unsafe code that should not really be necessary.

Shnatsel (Mar 13 2019 at 19:59, on Zulip):

Or if you want to get your feet wet with fuzzing, it has plenty of panics you can find that way. Most of it was last fuzzed ~2 years ago, they've introduced a lot of bugs since then.

DevQps (Mar 13 2019 at 20:02, on Zulip):

Sounds good to me! I'll see what I can do in the next weeks! I'll probably give my piece of mind at some topics as well :)

Shnatsel (Mar 13 2019 at 20:03, on Zulip):

https://github.com/sile/libflate definitely could be stripped of some of its unsafes without a performance hit. I have found one out-of-bounds read bug in it already.
https://github.com/m4b/goblin also has unsafe in ELF parser where it's not really required.
https://github.com/ruuda/claxon also probably could be refactored to get rid of unsafes

DevQps (Mar 13 2019 at 20:03, on Zulip):

Thanks for the pointers!

Shnatsel (Mar 13 2019 at 20:13, on Zulip):

Ooof, libflate got hit by another out-of-bounds read: https://github.com/sile/libflate/issues/21
@DevQps definitely prioritize libflate for unsafe-purging!

Joshua Liebow-Feeser (Mar 13 2019 at 20:14, on Zulip):

Also, @DevQps , when you're doing that, it'd be good to keep a record of what the purpose of the original unsafe code was. We're trying to get a sense for what people are using unsafe for so we know what utilities to write to obviate their need to do that.

DevQps (Mar 13 2019 at 23:00, on Zulip):

It's 0:00 and I need to work tomorrow morning, but with a bit of luck I'll be able to work on it during the midday! I'll let you know if I have any results. @Joshua Liebow-Feeser I will do that as well!

DevQps (Mar 13 2019 at 23:08, on Zulip):

Ooof, libflate got hit by another out-of-bounds read: https://github.com/sile/libflate/issues/21
DevQps definitely prioritize libflate for unsafe-purging!

It seems like someone already fixed it but forgot to close the issue! (At least he said he fixed it in a commit inside master). I heard some stories about patching using cargo yank, but I am not yet too familiar with that. I hope to read up on that soon as well. I wonder if the author that fixed the issue patched previous versions as well.

Last update: Nov 11 2019 at 22:00UTC