https://github.com/brson/rust-chamber
Rust as sandbox
- Host: GitHub
- URL: https://github.com/brson/rust-chamber
- Owner: brson
- Created: 2014-07-19T06:12:59.000Z
- Default Branch: master
- Last Pushed: 2014-08-08T00:13:52.000Z
- Last Synced: 2024-12-15T17:51:16.926Z
- Language: Rust
- Size: 543 KB
- Stars: 35
- Watchers: 5
- Forks: 1
- Open Issues: 1
- Readme: README.md
README
# Enter the Rust Chamber
This is a compiler that sandboxes software using only the Rust language.
Please do not use Rust as a language-based sandbox.
## Why do this?
Because Rust is so all about memory safety,
*Rust code that has no unsafe blocks and that has no access to libraries
has severely reduced ability to cause mayhem.*
Chamber creates a controlled environment for fuzzing, attacking, and torturing the compiler and libraries.
It provides a framework for attempting to violate Rust's safety guarantees.
## Building
`cargo build`
## Running
```
target/chamber breakme.rs
```
This will create the `breakme` bin. (If you get an error about not finding std
you may need to pass the `--sysroot` flag).
Chamber comes with a simple 'baseline' chamber, `rcr_baseline`,
which reexports nearly all of the Rust Core Library,
and links to it by default.
To specify a different chamber,
pass its name with the `--chamber` flag:
```
target/chamber breakme.rs --chamber rcr_custom
```
By default Chamber will look in `.`, `./target`, and `./target/deps`
to find chambers, as well as in the normal rustc search paths.
The search path can be augmented with `-L`.
The stock Rust Standard Library itself is a chamber:
```
target/chamber breakme.rs --chamber std
```
The above is equivalent to the default rustc behavior plus Chamber's blacklist plugin.
## How it works
Chamber is a customized Rust compiler.
It links to rustc directly to augment its behavior.
Compared to stock `rustc` there are two major differences:
1. It injects an arbitrary crate as the standard library, including
prelude and macros. This is called a 'chamber'.
2. It uses lint passes to blacklist unsafe features, including
linking to any other crate.
Chambers do not need to be 'freestanding';
they may link to std,
and chambered libraries may be intermixed freely with normal Rust libraries.
Chamber is a simple program and is structured for readability.
It is a good demonstration of embedding rustc, as well as creating rustc plugins,
and incorporating both into Cargo packages.
See [`src/chamber/lib.rs`](src/chamber/lib.rs).
## Blacklisted language features
Some Rust features make it easy to break memory safety.
These are turned off.
* `extern crate`
* `unsafe` blocks
* `#[feature(...)]`
* `#[no_mangle]`
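The policy behind the two points above (reject blacklisted constructs, and with `extern crate` gone, any link to another crate) can be illustrated without embedding rustc. What follows is an added example, not code from rust-chamber: a deliberately simplified, source-text scanner for the four blacklisted constructs. Chamber itself implements this as lint passes over the AST inside rustc, which cannot be fooled by text inside comments or strings; this scanner only strips `//` comments and `"..."` string literals before matching, and does not handle block comments, raw strings or the char literal `'"'`. The sample inputs `CLEAN` and `DIRTY` are constructed for the demonstration.

```rust
// Added example, not part of rust-chamber. A simplified, text-level
// approximation of Chamber's blacklist: the real tool works on the AST
// inside rustc via lint passes; this only strips `//` comments and
// "..." string literals before matching, so it illustrates the policy
// rather than reproducing the pass.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Blacklisted {
    ExternCrate,
    UnsafeKeyword,
    FeatureGate,
    NoMangle,
}

/// Drop `//` line comments and the bodies of "..." string literals so that
/// text inside them cannot trigger a false positive. Newlines are kept so
/// that reported line numbers stay correct.
fn strip_comments_and_strings(src: &str) -> String {
    let mut out = String::with_capacity(src.len());
    let mut chars = src.chars().peekable();
    let mut in_string = false;
    while let Some(c) = chars.next() {
        if in_string {
            match c {
                '\\' => { chars.next(); }   // skip the escaped character
                '"' => in_string = false,
                '\n' => out.push('\n'),     // keep the line count intact
                _ => {}
            }
            continue;
        }
        match c {
            '"' => in_string = true,
            '/' if chars.peek() == Some(&'/') => {
                // consume the comment but leave the newline for the outer loop
                while let Some(&next) = chars.peek() {
                    if next == '\n' { break; }
                    chars.next();
                }
            }
            _ => out.push(c),
        }
    }
    out
}

/// Report every blacklisted construct together with its 1-based line number.
pub fn find_blacklisted(src: &str) -> Vec<(usize, Blacklisted)> {
    let cleaned = strip_comments_and_strings(src);
    let mut hits = Vec::new();
    for (idx, line) in cleaned.lines().enumerate() {
        let lineno = idx + 1;
        // Normalise whitespace so `extern   crate` and `# [no_mangle]` still match.
        let words: Vec<&str> = line.split_whitespace().collect();
        let compact: String = words.concat();

        if words.windows(2).any(|w| w[0] == "extern" && w[1] == "crate") {
            hits.push((lineno, Blacklisted::ExternCrate));
        }
        // Any `unsafe` token: blocks, but also `unsafe fn` and `unsafe impl`.
        if line.split(|c: char| !(c.is_alphanumeric() || c == '_')).any(|t| t == "unsafe") {
            hits.push((lineno, Blacklisted::UnsafeKeyword));
        }
        if compact.contains("#![feature(") || compact.contains("#[feature(") {
            hits.push((lineno, Blacklisted::FeatureGate));
        }
        if compact.contains("#[no_mangle]") {
            hits.push((lineno, Blacklisted::NoMangle));
        }
    }
    hits
}

/// A source file is acceptable to this toy chamber when nothing is flagged.
pub fn is_chamber_clean(src: &str) -> bool {
    find_blacklisted(src).is_empty()
}

// Constructed sample inputs for the demonstration.
pub const CLEAN: &str = "fn add(a: u32, b: u32) -> u32 { a.wrapping_add(b) }\n\
// an `unsafe` mention in a comment is fine\n\
fn main() { let _ = \"extern crate\"; }\n";

pub const DIRTY: &str = "#![feature(asm)]\n\
extern crate libc;\n\
// unsafe here is only a comment\n\
fn f() { let s = \"unsafe\"; unsafe { core::ptr::null::<u8>(); } }\n\
#[no_mangle]\n\
pub fn g() {}\n";

fn main() {
    println!("clean source accepted: {}", is_chamber_clean(CLEAN));
    for (line, what) in find_blacklisted(DIRTY) {
        println!("line {}: {:?}", line, what);
    }
}
```

Running it reports the feature gate on line 1, the `extern crate` on line 2, the `unsafe` block on line 4 and the `#[no_mangle]` on line 5 of `DIRTY`, while the comment on line 3 and the string literal on line 4 are ignored; `CLEAN` passes. An AST-based pass, as Chamber uses, gets the same answers without the text-stripping heuristics.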
## Chambers
Only one chamber exists right now.
* rcr_baseline. This is a chamber that others can build off of. It
exposes all of the APIs from the core library except for
`core::any`, which has potential issues with forging type hashes,
and `core::intrinsics`, which I didn't want to look through
carefully, but mostly can't be called anyway.
## What Rust does and does not promise
TODO: looping, unwinding, stack overflow, memory leaks, abort, oom
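The items in this TODO are exactly what a chamber does not prevent: Rust promises memory safety, not termination, bounded memory use or freedom from panics, so each of them is reachable from safe, library-free code. The following is an added example, not code from rust-chamber; every function is plain safe Rust of the kind a chamber would accept, and the names are chosen for this illustration.

```rust
// Added example, not part of rust-chamber: safe Rust with no `unsafe` and
// no external crates keeps every liveness failure available to it.
use std::panic;

/// Unwinding: an out-of-bounds index panics. That is defined behaviour, not
/// a safety violation, so the chamber cannot forbid it; a host that runs
/// chambered code must expect the panic and either catch it or let the
/// process die in a separate address space.
pub fn out_of_bounds_panics() -> bool {
    let v: Vec<u8> = Vec::new();
    let idx = v.len(); // runtime value, so the compiler cannot reject the index
    panic::catch_unwind(|| v[idx]).is_err()
}

/// Memory leaks: `Box::leak` (and `mem::forget`) are safe APIs, so a
/// chambered program can allocate without bound. Only an external limit
/// (for example an OS memory limit on the child process) stops it.
pub fn leak_bytes(n: usize) -> usize {
    let leaked: &'static mut [u8] = Box::leak(vec![0u8; n].into_boxed_slice());
    leaked.len()
}

/// Looping and stack depth: nothing in the type system bounds iteration
/// count or recursion depth. A large enough `depth` overflows the stack,
/// which Rust turns into an abort, again not a memory-safety bug.
pub fn recurse(depth: u64) -> u64 {
    if depth == 0 { 0 } else { 1 + recurse(depth - 1) }
}

/// Abort: panicking while already unwinding (the README's "double fail")
/// aborts the whole process. Not called from `main` because it kills it.
pub struct PanicOnDrop;
impl Drop for PanicOnDrop {
    fn drop(&mut self) {
        panic!("panic during unwind");
    }
}
#[allow(dead_code)]
pub fn double_panic_aborts() {
    let _guard = PanicOnDrop;
    panic!("first panic");
}

fn main() {
    println!("out-of-bounds index unwound: {}", out_of_bounds_panics());
    println!("leaked {} bytes that are never freed", leak_bytes(1 << 20));
    println!("recursion depth reached: {}", recurse(10_000));
}
```

This is why the TODO list below asks for running the binary in a separate process and treating stack overflow and double fail as expected crash conditions: the language sandbox bounds what the code can corrupt, and the process boundary plus resource limits have to bound what it can consume.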
## TODO
* Investigate safety of built-in syntax extensions.
* Fix feature gate pass
* Add convenience APIs for compiling .rs, putting the binary into a
separate process and detecting the special 'ok' crash conditions
(stack overflow, double fail).
* Investigate impact of native rt injection.
* Add more chambers.
* Disallow `#[no_mangle]`