Techly NewsGet the app

Get the latest tech news

Let rand = main as usize (2022)


The other day I made a joke on twitter, and learned some interesting things about raw pointers in Rust. The abridged joke goes something like this: Yosh: What do you mean Rust doesn't ship with randbuilt-in? Me: ASLR to the rescue! fn main() { let rand = main as usize; dbg!(rand); } Part 1: Explaining the joke § Explaining the joke is bad form, but there is some valuable technical detail here.

When software has memory safety bugs like buffer overflows, it's easy for an attacker to blast hostile data into a process's stack. That hostile data could replace the address that the currently running function will return to, giving the attacker the ability to execute some arbitrary instructions. For those expecting to the usual Rust guard rails, it's surprising that the compiler allows casting between arbitrary raw pointer types outside of an unsafe block.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of rand

rand

Photo of usize

usize

Related news:

News photo

Evolving the Go Standard Library with math/rand/v2

News photo

Vodacom Opposes Order to Pay Ex-Employee Billions of Rand

« Review: Three Weeks With the M2 iPad Air