Rust is an increasingly popular language, praised for a design that makes it easier to write secure, high-performance, modern software. There are major initiatives to rewrite relevant projects in the open source ecosystem, and even system software, in Rust.
Many people in the security-aware BSD community use and follow Rust professionally, but most BSD software is still written in C (and shell and Perl, if that counts). So I started a little experiment for myself: what does it take to rewrite one of the “daemons” that I wrote for OpenBSD in Rust? Will it allow implementing the security innovations and exploit mitigations in a style similar to that of OpenBSD’s C programs?
What sets Rust apart is that it enforces correctness, meaning strong type, memory, and thread safety guarantees, in a systems programming language without garbage collection, a complex runtime, or a VM. Its ownership model and the “borrow checker” are well known; a lesser-known key feature is its approach to thread safety (the compiler-checked Send and Sync traits), which allows writing highly scalable, efficient, async, multi-threaded networking services.
But Rust itself is no guarantee of secure software. Many programs ignore the best practices: they use “unsafe” Rust, use generic instead of strict types, sprinkle the code with harmful panics or lossy casts, or follow all the rules but still run as a single process with root access to the system or container. Like any other code, Rust programs require diligent code reviews and proper security-oriented designs; this is my first-hand experience from applying those standards in a larger team that uses the language for a demanding and ever-growing backend infrastructure.
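To make the pitfalls in the previous paragraph concrete, here is an added example that is not code from the talk or from the privsep-rs framework: a configuration line in OpenBSD’s “keyword value” style is parsed once the loose way (a generic integer, unwrap() on every step, a lossy “as” cast) and once the strict way (a Port newtype, a checked TryFrom, errors returned as values the caller decides about). The line format, the type names and the function names are assumptions made up for the illustration.

```rust
// Added example (not code from the talk or from privsep-rs): the same config
// line parsed the "loose" way the paragraph warns about and the strict way.
use std::convert::TryFrom;
use std::fmt;

/// Strict newtype for a listening port. The field is private, so the only way
/// to obtain a `Port` is the checked conversion below; code that receives a
/// `Port` can rely on the range 1..=65535 without re-validating it.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Port(u16);

impl Port {
    pub fn get(self) -> u16 {
        self.0
    }
}

/// Errors are values the caller handles, not panics that take the whole
/// (possibly root) process down.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ConfigError {
    MissingKeyword(&'static str),
    NotANumber(String),
    OutOfRange(u64),
    ZeroPort,
}

impl fmt::Display for ConfigError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ConfigError::MissingKeyword(k) => write!(f, "expected keyword {:?}", k),
            ConfigError::NotANumber(s) => write!(f, "{:?} is not a number", s),
            ConfigError::OutOfRange(v) => write!(f, "port {} exceeds 65535", v),
            ConfigError::ZeroPort => write!(f, "port 0 is not allowed"),
        }
    }
}

impl std::error::Error for ConfigError {}

impl TryFrom<u64> for Port {
    type Error = ConfigError;

    /// Checked narrowing: `u16::try_from` fails instead of truncating.
    fn try_from(value: u64) -> Result<Self, ConfigError> {
        match u16::try_from(value) {
            Ok(0) => Err(ConfigError::ZeroPort),
            Ok(p) => Ok(Port(p)),
            Err(_) => Err(ConfigError::OutOfRange(value)),
        }
    }
}

/// The anti-pattern: a plain integer, `unwrap()` on every step and a lossy
/// `as` cast. "listen 65537" silently becomes port 1 (65537 mod 65536) and
/// "listen x" aborts the daemon with a panic.
pub fn listen_port_loose(line: &str) -> u16 {
    let value: u64 = line
        .trim()
        .strip_prefix("listen ")
        .unwrap()
        .trim()
        .parse()
        .unwrap();
    value as u16
}

/// The hardened form: every failure is a typed error, the narrowing is
/// checked, and the result is a `Port` rather than an arbitrary `u16`.
pub fn listen_port_strict(line: &str) -> Result<Port, ConfigError> {
    let rest = line
        .trim()
        .strip_prefix("listen ")
        .ok_or(ConfigError::MissingKeyword("listen"))?
        .trim();
    let value: u64 = rest
        .parse()
        .map_err(|_| ConfigError::NotANumber(rest.to_string()))?;
    Port::try_from(value)
}

fn main() {
    // Constructed sample lines in the "keyword value" format assumed above.
    for line in ["listen 8080", "listen 65537", "listen 0", "listen x", "port 80"] {
        match listen_port_strict(line) {
            Ok(port) => println!("{:?} -> port {}", line, port.get()),
            Err(e) => println!("{:?} -> rejected: {}", line, e),
        }
    }
    // The loose parser accepts the out-of-range value and returns 1.
    println!("loose parse of \"listen 65537\" -> {}", listen_port_loose("listen 65537"));
}
```

The point of the newtype is that the invariant is established once, at the trust boundary where untrusted configuration enters, and every later function that takes a Port gets it for free; a Clippy lint such as cast_possible_truncation can additionally flag the remaining “as” casts in a code base.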
This talk follows the experiment of implementing, one by one, the small and big features of one of my daemons in Rust, and ultimately the daemon itself. The goal is to combine the strengths of Rust with the concepts of OpenBSD, in a similar style that supports the same configuration format and feature set. This is a long-term side project and I am releasing the work step by step as open source software, such as the privsep-rs framework. I already have the core privilege-separated program, which is slowly gaining features, and, if time permits, I will be able to present a working Rust daemon at the conference.
Reyk Floeter
Reyk is a former OpenBSD hacker who has contributed various improvements, drivers, and networking daemons to the project since 2004. He has worked as a network security consultant, software engineer, and founder of multiple startups such as Esdenera and .vantronix, building enterprise-class products based on OpenBSD. Reyk is now based in Zurich, Switzerland, and works as a lead software engineer for the Kraken digital asset exchange.