Ramon de C Valle

I just became a member of the Rust compiler team. Thank you for having me on the team! Much appreciated, and super happy for it blog.rust-lang.org/inside-rust/20…

@standa_t @rcvalle This is why we've been helping fund the development of gccrs (Rust front-end for gcc) since 2021: opensrcsec.com/open_source_se… What's mentioned in Ramon's blog is great work, but only solves the CFI subset of the larger "mixed binary" problem, and only within the LLVM ecosystem.

Porting part of a C/C++ program into Rust can make the program less secure. It has been known for quite some time but was new to me. Great read and work driven by @rcvalle bughunters.google.com/blog/480557116… Read one of the linked papers for more details.

17th edition of H2HC Magazine (the one that we've distributed printed to attendees at H2HC 20th) is finally online, with articles in English as well (Attacking the Linux Kernel Free List Hardening & LLVM Rust CFI): h2hc.com.br/revista

Great work on cross-language LLVM CFI support for Rust! Kudos to @rcvalle 👏

Want to know how we are working with the Rust community to add LLVM CFI and cross-language LLVM CFI to the Rust compiler? Eliminating the most critical instances of cross-language attacks in mixed-language binaries (cont) spklr.io/l/6015mABf

#h2hc #h2hc2023 #h2hconference #h2hconference2023 #infosec #rust

This eliminates the most critical instance of cross-language attacks in mixed-language binaries, helping not only Google, but also the industry with secure Rust adoption. Here is the article/blog post for my talk at #H2HC: rcvalle.com/blog/2023/12/0…

Last Saturday I talked at @h2hconference and shared the results of working with the Rust community to add LLVM CFI and cross-language LLVM CFI to the Rust compiler...

Here is the article/blog post for my talk at @h2hconference today: rcvalle.com/blog/2023/12/0… #h2hc #infosec #rust

@spendergrsec I don't think it's properly fixed yet. I made a note more recently about it, which was the last time I looked at it, at #appendix" target="_blank" rel="nofollow noopener">rcvalle.com/2020/09/16/rus…

@rcvalle that seems to be read-implies-exec though (which also was never an issue for us, and I think upstream maybe addressed recently?) and not this, which is just normal PT_GNU_STACK implementation stuff.

seclists.org/fulldisclosure… would fail at step 'a' on #grsecurity, we don't honor PT_GNU_STACK on libraries exactly to avoid "surprising behavior" like this.