Published in News

20 per cent of Rust Crates have 'Unsafe' Keyword

by on27 May 2024

Rust Foundation admits it… sort of

The Rust Foundation has been doing its best to reveal a security issue with Rust while at the same time telling the world how wonderful it is.

The news is that 20 per cent of Rust Crates have an unsafe keyword, but you would be hard pressed to know that basic fact by reading the Rust Foundation blog,

The Blog reminds readers that Rust programmes "cannot compile if memory management rules are violated, eliminating the possibility of a memory issue at runtime."

But then it explores "Unsafe Rust in the wild" (used for a small set of actions like dereferencing a raw pointer, modifying a mutable static variable, or calling unsafe functions).

"At a superficial glance, Unsafe Rust might undercut the memory-safety benefits Rust is increasingly celebrated for. In reality, the unsafe keyword comes with special safeguards. It can be a powerful way to work with fewer restrictions when a function requires flexibility, so long as standard precautions are used."

The Foundation lists those available safeguards — which "make exploits rare — but not impossible." But then they go on to analyse just how much Rust code uses the unsafe keyword:

The canonical way to distribute Rust code is through a crate package. As of May 2024, there are about 145,000 crates, of which approximately 127,000 contain significant code. Of those 127,000 crates, 24,362 use the unsafe keyword, 19.11 per cent of all crates. And 34.35 per cent make a direct function call into another crate that uses the unsafe keyword [according to numbers derived from the Rust Foundation project Painter]. Nearly 20 per cent of all crates have at least one instance of the unsafe keyword, a non-trivial number.

Most of these Unsafe Rust uses are calls into existing third-party non-Rust language code or libraries, such as C or C++. In fact, the crate with the most uses of the unsafe keyword is the Windows crate, which allows Rust developers to call into various Windows APIs.

The Foundation insists that this does not mean that the code in these Unsafe Rust blocks are inherently exploitable (a majority or all of that code is most likely not), but that special care must be taken while using Unsafe Rust in order to avoid potential vulnerabilities.

The blog says that “Rust lives up to its reputation as an excellent and transformative tool for safe and secure programming” even when it is Unsafe.

“But this reputation requires resources, collaboration, and constant examination to uphold properly. For example, the Rust Project is continuing to develop tools like Miri to allow the checking of unsafe Rust code.”

 The Rust Foundation’s  Technology team has developed new tools like [dependency-graphing] Painter, TypoMania [which checks package registries for typo-squatting] and Sandpit [an internal tool watching for malicious crates]... giving users insight into vulnerabilities before they can happen and allowing for a quick response if an exploitation occurs.

Last modified on 28 May 2024
Rate this item
(0 votes)