Adding LLVM control flow integrity to make exploits harder is coming to Rust: https://rcvalle.com/docs/rust-cfi-design-doc.pdf
The primary use case is mixing C/C++ with Rust: you have weaker memory safety guarantees and hardening is still necessary. You don't want a partial Rust port to reduce security!
Related Posts
Hardening Android, including a neat jemalloc alternative that can mitigate memory corruption bugs:
All the Spectre/Meltdown hardening techniques have a significant CPU overhead.
I imagine CPU manufacturers have had to invest significantly in redesigns recently. Still, the additional overhead might force me to buy new hardware, and I guess others will too.
Address Sanitizer is a great debugging tool, but apparently you shouldn't use it for hardening release builds:
