The Rust project has released an update to its standard library, after a vulnerability researcher discovered that a specific function used to execute batch files on Windows systems could be exploited using an injection flaw.
The set of common functions included in the Rust programming language, known as the standard library, offers the ability, among its many other features, to run Windows batch files via the Command API. The function, however, did not process the API inputs rigorously enough to eliminate the possibility of injecting code into execution, according to an advisory from the Rust Security Response Working Group published on April 9th.
While Rust is well known for its memory safety features, the incident highlights that the programming language is not proof against logical bugs, says Yair Mizrahi, senior vulnerability researcher at application security firm JFrog.
“Overall, Rust’s memory safety is a notable benefit, but developers must also pay close attention to the risk of logic bugs to ensure the overall security and reliability of their Rust-based applications,” he says. “To address such logical issues, Rust encourages a rigorous testing and code review process, as well as the use of static analysis tools to identify and mitigate logical bugs.”
Rust has earned a reputation for being a very secure programming language because it doesn’t leave applications open to the often serious class of flaws known as memory safety vulnerabilities. Google attributed a drop of memory-unsafe code to the switch to memory-safe languages, such as Rust and Kotlin, while Microsoft found that until 2018, when it switched to the memory-safe language, such vulnerabilities regularly they accounted for 70% of all security issues.
Windows poses a number of problems
The latest issue is not a memory safety vulnerability, but a problem with the logic used to process untrusted input. Part of the Rust standard library allows the developer to call a function to send a batch file to the Windows machine for processing. There are reasons to push code to the host as a batch file, says Joel Marcey, director of technology at the Rust Foundation, which supports programming language maintainers and the Rust ecosystem.
“Batch files are run for many reasons on systems, and Rust provides an API that allows you to run them quite easily,” he says. “So while this isn’t necessarily the most common use case for Rust, the API, before the correct patch was implemented, allowed attackers to theoretically take control of the system by executing arbitrary commands, and this is definitely a critical vulnerability.”
Typically, a developer can submit a workload to the Windows host to run as a batch job via the Command Applications Programming Interface (API), part of the standard library. Typically, Rust ensures that any call to the Command API is safe, but in this case the Rust project couldn’t find a way to prevent all arguments from being executed, mainly because Windows doesn’t adhere to any kind of standards and because The API could allow an attacker to submit code that would then be executed.
“Unfortunately it was reported that our escape logic was not sufficiently thorough, and it was possible to pass malicious arguments that would lead to arbitrary shell execution,” according to the Rust Security Response WG.
The Rust project proves itself to be responsive
While addressing any vulnerability can be a headache, the Rust project has shown that the group fixes problems quickly, experts say. The vulnerability of the standard library, CVE-2024-24576, is ultimately a problem with Windows batch processing, and affects other programming languages, if they don’t properly parse arguments sent to Windows batch processing. The Rust project appears to be the first to offer a solution for passing arguments to the Windows CMD.exe process, says JFrog’s Mizrahi.
The groups were unable to completely eliminate the problem, but the Command API will not return an error when any improvements passed to the feature may be unsafe, the Rust project said.
JFrog’s Mizrahi urges Rust to expand its use of static application security testing and expand its use of fuzzing and dynamic testing.
“Overall, Rust is on the right track by emphasizing memory safety and encouraging rigorous testing practices,” he says. “Combining these efforts with continued advances in static analysis and fuzzing can help the Rust community and the software industry at large make great strides in addressing logic bugs and input validation flaws in the years to come. come.”