https://www.secdev.uk/blog/tags/ownership/ Recent content in Ownership on guy@secdev.uk Hugo en-gb Guy Dixon | guy@secdev.uk Sat, 11 Oct 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-10-11-rust-security-unsafe-breaks-promise/ Sat, 11 Oct 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-10-11-rust-security-unsafe-breaks-promise/ <p>I love Rust. I genuinely do. Its ownership system, borrow checker, and type system wipe out entire classes of vulnerabilities at compile time, use-after-free, double-free, data races, null pointer dereferences, buffer overflows. But here&rsquo;s the thing: Rust gives you an escape hatch called <code>unsafe</code>, and when it&rsquo;s used incorrectly, it reintroduces every single vulnerability that Rust was designed to prevent. The more I dug into real-world Rust codebases, the more I found this happening. Beyond <code>unsafe</code>, Rust has its own quirky set of security pitfalls: integer overflow behaviour that differs between debug and release builds, FFI boundaries that trust C code unconditionally, and logic errors that the type system simply cannot catch. In this post, I want to walk through the Rust-specific anti-patterns that break the safety promise.</p>