Exploiting Mixed Binaries
ACM Transactions on Privacy and Security (IF 2.3). Pub Date: 2021-01-02. DOI: 10.1145/3418898
Michalis Papaevripides 1, Elias Athanasopoulos 1

Unsafe programming systems are still very popular, despite the shortcomings exposed by numerous published memory-corruption vulnerabilities. To defend against memory corruption, compilers have started to employ advanced software hardening such as Control-flow Integrity (CFI) and SafeStack. At the same time, there is broad interest in compilers that impose memory safety without heavy runtime support (e.g., garbage collection). Representative examples of this category are Rust and Go, which enforce memory safety primarily statically, at compile time. Software hardening and Rust/Go are both promising directions for defending against memory corruption, although combining the two is questionable. In this article, we consider hardened mixed binaries, i.e., machine code produced by different compilers and, in particular, from hardened C/C++ together with Rust/Go (e.g., Mozilla Firefox, Dropbox, npm, and Docker). Our analysis focuses on Mozilla Firefox, which outsources significant code to Rust and is open source with known public vulnerabilities (with assigned CVEs). Furthermore, we extend our analysis to mixed binaries that leverage Go and derive similar results. The attacks explored in this article do not exploit Rust or Go binaries that depend on some legacy (vulnerable) C/C++ code. Instead, we explore how Rust/Go compiled code can serve as a vehicle for bypassing hardening in C/C++ code. In particular, we discuss CFI and SafeStack, both of which are available in the latest Clang. Our assessment concludes that CFI can be completely nullified through Rust or Go code by constructing much simpler attacks than state-of-the-art CFI bypasses.

Updated: 2021-01-02