Question for Rust people: when you use a C library, and you write a safe interface around it, is it common to build that C library with AddressSanitizer? (if not, why not?)
I build and test as much code as possible with asan+ubsan. I've found too many bugs in both my code and libraries to trust code review of unsafe programming. But deploying with asan? If I'm willing to trade off that much performance for safety something has gone seriously awry.
Replying to @kripken
ASan isn't designed for providing safety / hardening and doesn't do a good job of mitigating vulnerabilities. It also adds extra attack surface and may make you worse off than not using it. It's not a memory safety implementation for C. It's a way to detect common cases of bugs.
I've heard this before, but I've heard of canaries running with sanitizers. Has anyone demonstrated exploiting those?
The issue is mostly that people misunderstand it to be a hardening measure, rather than it introducing new ways to do exploitation. It does screw up assorted mitigations and doesn't actually provide safety against overflows, etc., other than special cases like sequential ones, though.