A bug in Rust component that could have led to Windows kernel compromise was detected with a C/C++ program?
Excuse me while I just sit over here and snicker for a bit at the irony.
I don't think this bug could have led to a kernel compromise unless you count a DoS as a kernel compromise, which I'm a bit skeptical of. From the article:
> Notably, the system crash was triggered by this new kernel component designed to improve security, as suggested by the name of the panic_bounds_check() function referenced in the stack trace shown in Figure 2.
Later:
> When the region_from_path_mut() function converts a path into a region it represents the outline as a singly linked list of edge blocks. The program detects the out-of-bounds memory access via core::panicking::panic_bounds_check() and triggers a SYSTEM_SERVICE_EXCEPTION.
And from Microsoft's assessment of the bug:
> “the Rust code correctly catches an out-of-bounds array access and triggers a panic, resulting in a Blue Screen of Death (BSOD), as expected”
Furthermore, from the implementation of core::panicking::panic_bounds_check() [0]:
#[lang = "panic_bounds_check"] // needed by codegen for panic on OOB array/slice access
fn panic_bounds_check(index: usize, len: usize) -> ! { ... }
[0]: https://doc.rust-lang.org/stable/src/core/panicking.rs.html
dcsommer•2mo ago
tialaramex•2mo ago
ekidd•2mo ago
This is a substantial improvement over the status quo.
Tools like WUFFS may be more appropriate for low level parsing logic when you're not willing to risk controlled panics, however.