Since the ClamAV team is rewriting (parts of) ClamAV in the Rust programming language, this paper might be relevant. Of course you may have already seen it, or may be so experienced in Rust that you already know most of what the paper puts forth.
From my reading, the main point of the paper I mention is that interfacing between two (or more) languages which have different memory models, with different approaches to allocation and de-allocation, can give rise to *security* problems when sharing in-memory data between the two languages. The pre-existing code in each language may be fine within that language, but when in-memory data goes from one to the other, unpleasant surprises, including *new* security flaws, can occur. (A ridiculously simple analogue would be passing numbers between a big-endian environment and a little-endian environment: you can't just directly pass the bytes). Anyway, here is the paper: “Rewrite it in Rust” Considered Harmful? Security Challenges at the C-Rust FFI [Foreign Function Interface] https://goto.ucsd.edu/~rjhala/hotos-ffi.pdf I would be interested in any reactions. Paul Kosinski _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
