Windows OS Embraces Rust
Windows Loves Rust
At BlueHat IL 2023, in Tel Aviv on March 29-30, David Weston, the director of OS Security for Windows, announced that Windows would be booting with Rust in the kernel soon, “in probably the next several weeks or months”. That’s pretty exciting to Rust fans out there.
It’s no secret that Windows has been experimenting with Rust. The love affair started years ago. For those of you who don’t know, Rust is a programming language designed with memory safety as one of its primary goals.
It achieves this through a combination of approaches. In simplified terms:
- Architecturally — the language uses a concept of memory ownership where any allocated memory is owned by a single variable (but can be borrowed as read-only).
- Borrow checker — a component that enforces the ownership model outlined above, ensuring that no memory is accessed after deallocation while also ensuring that there are no data races where multiple threads attempt to access the same memory concurrently (not general race conditions).
- Deterministic lifetimes — the lifetime of a variable is known at compile-time. This allows the borrow checker to enforce ownership and borrowing rules and ensures that as soon as allocated memory is no longer needed, it can be automatically freed.
- Immutable — by default, all variables are immutable helping to prevent inadvertent issues with memory safety.
According to MS memory safety accounted for more than 70% of the security-related updates released over the last decade plus. While MS is never going to completely rewrite 40-plus years of one of the most complex code bases in the world, it does make sense that it would begin experimenting with replacing especially vulnerable code given that Rust was created in part to address this very issue.
It’s already begun
The first port they’ve introduced is to deprecate DWrite (DirectWrite), part of Windows font parsing code, in favor of DWiteCore. DWriteCore is a cross-platform version of DWrite written in Rust that is now the recipient of all new feature development this is currently in use. They’ve also implemented a portion of Win32k GDI by implementing the Region data type, a core component of the Windows kernel responsible for window management. This component is currently shipping but disabled behind a feature flag, which is due to be removed for insider previews “shortly”.
So what’s the problem then?
All of the above is absolutely fantastic news for fans of security, Rust, and Windows OS. The potential issue is the Rust Foundation itself.
On April 6th, just a week after the announcements at the conference in Israel, the Rust Foundation released a new draft of its trademark policy and invited comments via a Google form giving a deadline of April 16th. Because it's in a Google form the comments aren’t publicly visible, but developers took to any and all social media to make their concerns known. And holy smoke, were those concerns voiced. People came out of every corner of the internet to comment, YouTube, SubStack, Reddit, Twitter, and basically every other forum you can think of. It even reached the point where the Rust community created a fork of the language.
For the sake of brevity(-ish), the highlight is this; after a year of deliberation, the Foundation published a final draft of a new trademark policy which essentially states that you cannot use the name “Rust” or use the Rust Logo, for any kind of profit or gain, register a domain name without explicit permission from the Rust foundation.
That’s right, you can’t use the name or logo at all without explicit permission in a domain name (for profit or not), or in anything that might make a profit or gain. Anywhere. For any reason. Have a domain name that uses the word “rust” in reference to the language? Denied. Your YouTube channel about the Rust language has the word Rust in it? Denied. You want to make a t-shirt promoting rust by using its logo? Nope. Have a non-profit website to teach Rust that has a domain name with the word rust in it? Not anymore.
And for more fun, this was also part of the new policy:
“Using the [word “Rust”] in the name of a tool for use in the Rust toolchain, a software program written in the Rust language, or a software program compatible with Rust software, will most likely require a license.”
If you’re wondering what that means, it means that any software that’s any part of the Rust ecosystem is banned from using the word rust. That’s IDE plugins, libraries like openssl-rust, rust-mysql, and every other tool, crate, or library you can think of.
What does this mean?
Maybe nothing. On the one hand, MS made the announcement at BlueHat IL 2023 prior to the release of the draft trademark policy and I can see this kind of insanely restrictive policy making them extremely nervous about using the language, certainly about promoting their use of it.
On the other hand, MS is one of the founding members of the Rust Foundation, along with Amazon (who also is promoting the adoption of Rust), among others. It seems like a big pill to swallow that MS wasn’t aware of this insanely restrictive policy but since they’re one of the founding members one would assume that they can probably get explicit permission to do whatever they want with the name and logo.
The day after the close of comments the Foundation issued an apology for its lack of transparency in the process, and that they will carefully consider the feedback.
So what’s my point?
I don’t think MS is going to have any issue with the trademark policy because they are a founding member and I can’t imagine them not being able to get permission for whatever they want to do regarding the name and logo. What I do see are three possible positions that MS could occupy regarding the trademark policy.
- They had no idea what was going on because they didn’t care or were ignorant. We can throw the ignorant option out immediately by looking at the board of directors.
- They actively support the new policy
- It’s a genuine mistake that the wording was so insanely restrictive and it will be a nothing burger when it's all said and done.
In the first case, they don’t care, then it's just a community problem and MS may or may not have to deal with some bad press for not pushing back.
In the second case, you really should start asking yourself, “Why would MS support this policy?” But let’s not stop there, that’s a valid question to ask of Amazon, Google, Meta, and the other founding members. What’s in it for them if this trademark policy stands? Who benefits from restricting people from using the word “Rust”, or the Rust logo?
In the third case, this will be something we all laugh about someday. This option I find about as likely as the board members being ignorant of the new policy. First, there was nothing to fix with the original trademark policy and even assuming it need to be refined, there was definitely no reason to suddenly roast everyone over a roaring fire. Second, the corporate member directors are far from being idiots or oblivious, and they are well equipped to understand the community's reaction. The fact that all of them missed out on what the reaction was going to be seems another tough pill to swallow.
This brings me back to the second case. Who benefits and how? I don’t see any clear answer to that but I’ll be very interested to see what the updated policy looks like when it comes out.
If you made it this far please clap, or subscribe so I’ll know you found the article interesting. If you want to read more like this or are interested in anything in particular, please comment and let me know. As always, thanks for reading!