Exploit Mitigations Project Group Proposal
The Rust Exploit Mitigations Project Group investigates past, present, and future exploit mitigations, including hardware-assisted or -provided exploit mitigations, and how they apply to Rust and the Rust compiler.
This Project Group aims to maintain and improve the existing, implement, and research new exploit mitigations for the Rust compiler, and allow the Rust community to better understand those exploit mitigations and how they apply to Rust and the Rust compiler.
Leads
rcvalle
Liaisons
cuviper
Charter
- What value do you see your group bringing to the organisation?
Maintain and improve the existing, implement, and research new exploit mitigations for the Rust compiler, and allow the Rust community to better understand those exploit mitigations and how they apply to Rust and the Rust compiler.
- What support do you need, and separately want, from the Rust organization?
None.
- Why should this be a project group over a community effort?
Having a formalized dedicated group of people to maintain, implement, review exploit mitigations-related work, and deliver a coherent messaging to the rest of the team would be really helpful.
- What are the goals of your group?
Short term: add support for missing exploit mitigations (see https://doc.rust-lang.org/rustc/exploit-mitigations.html), and organize and stabilize sanitizers support in the Rust compiler (initially for tier 1 targets and best effort for other tiers). Long term: see answer to question 1.
- What are explicitly non-goals of your group?
Provide security response for the Rust compiler.
- What do you expect the relationship to the team be?
Unobtrusive (i.e., consisting mostly of updates).
- How do you intend to make your work accessible to people outside your group?
Providing comprehensive documentation and updates, such as in Tracking Issue for LLVM Control Flow Integrity (CFI) Support for Rust rust#89653.
- Who are the initial shepherds/leaders? (This is preferably 2–3 individuals, but not required.)
rcvalle (lead) and cuviper (liaison).
- Is your group long-running or temporary?
Long running.
- What is the long-term vision of your group?
See introductory paragraphs of this proposal and answer to question 1.
- If applicable, which other groups or teams do you expect to have close contact with?
LLVM Working Group.
- Where do you see your group needing help?
Sometimes we'll need input from other teams and the community, such as in RFC: Improve C types for cross-language LLVM CFI support rfcs#3296.
Comments
This issue is not meant to be used for technical discussion. There is a Zulip stream for that. Use this issue to leave procedural comments, such as volunteering to review, indicating that you second the proposal (or third, etc), or raising a concern that you would like to be addressed.