Stream: wg-secure-code

Topic: #black_magic in Rust community discord


Shnatsel (Jul 05 2019 at 21:13, on Zulip):

Me auditing libflate and bragging about it has set off a chain of events that led to the discovery of UB in the spin crate (used by lazy_static in #[no_std] mode) plus a hopefully safer rewrite, the discovery of UB in image, as well as a further audit of minix_oxide and reqwest that's currently ongoing.
This was made possible by @Lokathor creating a #black_magic channel in Rust community Discord (https://bit.ly/rust-community) which attracted people who know UB when they see it. This looks like a solid start for the "safety effort similar to libs blitz" goal for this year.
Sadly I will not be able to lead that charge for much longer because I have a month of being mostly if not totally offline ahead of me, but I'm really glad to see that it's happening.

Shnatsel (Jul 05 2019 at 21:14, on Zulip):

And by the way, the new rewritten spin crate could use an audit.
PR: https://github.com/mvdnes/spin-rs/pull/66
Code without the annoying diffs: https://github.com/64/spin-rs/blob/master/src/rw_lock.rs

Shnatsel (Jul 05 2019 at 21:18, on Zulip):

The libs-blitz-like effort could use some organizational resources - mostly a structured(ish) guide to doing it plus a way for people to claim crates for audit to avoid duplication of effort and also a way to track results. The results will be very helpful to inform clippy lints and/or new safe abstractions.

simulacrum (Jul 05 2019 at 21:19, on Zulip):

cargo crev might be an interesting way to track progress

Shnatsel (Jul 05 2019 at 21:22, on Zulip):

Yeah, I thought of that already. Maybe not track as it's ongoing, but record the results of your analysis in crev - definitely.

Shnatsel (Jul 05 2019 at 21:25, on Zulip):

actually I should record the fact that I cleansed libflate of unsafety in crev

Shnatsel (Jul 05 2019 at 21:26, on Zulip):

and file RustSec advisories too

Tony Arcieri (Jul 06 2019 at 14:46, on Zulip):

nice

Tony Arcieri (Jul 06 2019 at 15:16, on Zulip):

so wait, safe libflate needs Vec::append_from_within or not?

Shnatsel (Jul 06 2019 at 15:22, on Zulip):

It does need it. I've just copied the implementation from RFC into a crate, so the unsafe block is now in a crate instead of libflate itself.

Tony Arcieri (Jul 06 2019 at 15:23, on Zulip):

aah

Shnatsel (Jul 06 2019 at 16:34, on Zulip):

the other missing part is safely creating a CString from Vec<NonZeroU8>

Shnatsel (Jul 07 2019 at 18:52, on Zulip):

@Tony Arcieri could you create a repo called "safety blitz" under the WG? We'll use the issue tracker mostly, to keep track of which crates were audited and which still need auditing. And if they can't be made unsafe-free, what's stopping them

Shnatsel (Jul 07 2019 at 18:52, on Zulip):

I cannot create repos due to legal restrictions

Shnatsel (Jul 07 2019 at 18:55, on Zulip):

Looks like I've started https://github.com/rust-secure-code/wg/issues/19 without really intending to

Matt Taylor (Jul 07 2019 at 19:10, on Zulip):

safety 'blitz' implies some sort of temporary project, maybe there's a better name?

Shnatsel (Jul 07 2019 at 19:14, on Zulip):

It was kind of intended to be temporary - we audit the key crates of the ecosystem, remove unsafety from them and add clippy lints or safe abstractions that allow doing the same things safely where it wasn't possible before. That should prevent any further unsafety creep. Moreover, many of these abstractions have already landed, like to_bytes/from_bytes, and crates just need to be brought up to date.

Matt Taylor (Jul 07 2019 at 19:24, on Zulip):

fair enough

Shnatsel (Jul 11 2019 at 13:33, on Zulip):

@Tony Arcieri ping? Any updates on this?

Tony Arcieri (Jul 11 2019 at 14:03, on Zulip):

ohai, whoops https://github.com/rust-secure-code/safety-blitz

Tony Arcieri (Jul 11 2019 at 14:49, on Zulip):

@Shnatsel I have been informed "blitz" as a name did not go over well for the "libs blitz" and perhaps we should select something different

Tony Arcieri (Jul 11 2019 at 14:49, on Zulip):

safety dance? :sweat_smile:

Tony Arcieri (Jul 11 2019 at 14:50, on Zulip):

pasted image

Tony Arcieri (Jul 11 2019 at 14:57, on Zulip):

I have been told to ask #community-team for help on Discord if we have trouble coming up with a name

Florian Gilcher (Jul 11 2019 at 14:57, on Zulip):

heh, eh. yeah, hi!

Florian Gilcher (Jul 11 2019 at 14:57, on Zulip):

also you can just ask any question here

Tony Arcieri (Jul 11 2019 at 14:57, on Zulip):

:+1:

Florian Gilcher (Jul 11 2019 at 15:09, on Zulip):

Also, with these kinds of projects: habitually ping the community team to help you in marketing :). That's what we're there for!

Tony Arcieri (Jul 11 2019 at 15:18, on Zulip):

yes, thank you!

Tony Arcieri (Jul 11 2019 at 15:18, on Zulip):

I have tentatively renamed the repo to safety-dance and I guess I'll see what @Shnatsel thinks

Shnatsel (Jul 11 2019 at 21:57, on Zulip):

IDK, I have an image of dance in programming as something negative. Like, writing boilerplate or some such.

Shnatsel (Jul 11 2019 at 21:58, on Zulip):

Also apologies for my low participation lately, I'm currently traveling

Tony Arcieri (Jul 11 2019 at 23:01, on Zulip):

@Shnatsel #community-team (on Discord) has offered to help pick a name if you don't like safety-dance

Tom Phinney (Jul 11 2019 at 23:55, on Zulip):

For me, "dance" is actually somewhat appropriate, given the circuitous coding that is sometimes necessary to avoid momentary exposure to UB. But I think of it more like dancing on hot coals, because of the difficulty in determining the steps needed to get safely from the starting point to the finish line.

Matt Taylor (Jul 13 2019 at 13:35, on Zulip):

how about: safety-survey, unsafety-purge, safety-audit, safety-probe, safety-review

Tom Phinney (Jul 13 2019 at 13:42, on Zulip):

+1 for unsafety-purge or safety-review. For me, the terms survey, audit and probe all have somewhat inaccurate connotations.

Shnatsel (Jul 13 2019 at 16:09, on Zulip):

I defer to the community team on this.

Shnatsel (Jul 13 2019 at 17:10, on Zulip):

I've described the effort in more detail in #community-team on the official Rust Discord, waiting for their input

Tony Arcieri (Jul 20 2019 at 16:38, on Zulip):

this is neat @Joshua Liebow-Feeser https://www.reddit.com/r/rust/comments/cfh8la/thinking_of_using_unsafe_try_this_instead/

Joshua Liebow-Feeser (Jul 20 2019 at 19:24, on Zulip):

Thanks!

Last update: Nov 11 2019 at 22:00 UTC