This is an excellent point!
BTW, there are some examples of & research on how interoperability interacts with (memory-)safety and security:
E.g., from "Cross-Language Attacks" / NDSS 2022:
CFI is entering widespread usage in C/C++ applications, and is designed to provided partial memory safety by protecting the integrity of code pointers. In combination with Shadow Stacks, CFI offers the best combination of strength and performance among runtime defenses to date. As discussed previously, c.f., Figure 2, Rust does not use CFI as it provides full memory safety, rendering partial memory safety redundant. Consequently, an arbitrary write vulnerability in C/C++ can corrupt a code pointer used in Rust, bypassing CFI verification or shadow stack protection. See Figure 5 for an example.
Or, going in the perhaps less common direction: "Exploiting Mixed Binaries" / ACM TOPS 24(2) 2021
"The attacks explored in this article do not exploit Rust or Go binaries that depend on some legacy (vulnerable) C/C++ code. In contrast, we explore how Rust/Go compiled code can stand as a vehicle for bypassing hardening in C/C++ code. In particular, we discuss CFI and SafeStack, which are available in the latest Clang. Our assessment concludes that CFI can be completely nullified through Rust or Go code by constructing much simpler attacks than state-of-the-art CFI bypasses."
Worth noting developments since then, in particular Rust getting CFI support:
Control Flow Guard for Clang/LLVM and Rust
2020-08-17
https://msrc.microsoft.com/blog/2020/08/control-flow-guard-for-clang-llvm-and-rust/
LLVM CFI and Cross-Language LLVM CFI Support for Rust
2023-12-08
https://bughunters.google.com/blog/4805571163848704/llvm-cfi-and-cross-language-llvm-cfi-support-for-rust
Originally posted by @MattPD in 0105faf
Originally posted by @MattPD in 0105faf