31

Rust Foundation Security Initiative Report(foundation.rust-lang.org)

posted
by
Avatar
Arbitrary@reddthat.com
in
Avatar
rust@programming.dev
12 comments
hidereport
Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
gedhrel@lemmy.ml
1 point
*

Apology appreciated, but unnecessary.

I don’t want to derail a useful tool. It’s worth going a bit beyond “hope” as a strategy, however, and thinking about if (how) this might be exploited.

I doubt anyone will be mining crypto in your sandbox. But perhaps you should think about detection; might it be possible to mask a malicious crate with a second that attempts to detect sandboxed compilation, for instance?

In any case, I think this still looks exceedingly interesting in the typical case, which is of detecting the impact of bugs from non-malicious actors.

permalink
report
parent
reply
Avatar
gedhrel@lemmy.ml
1 point

Given the widespread existence of wasm sandboxing, rustc itself might want to think about alternative strategies for running compiler plugins. I suspect there’d be a performance hit with such an approach, but wasm tooling is getting really good; perhaps it is minor.

permalink
report
parent
reply

Rust

!rust@programming.dev

Create post

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits
  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

Community stats

  • 572

    Monthly active users

  • 887

    Posts

  • 3.9K

    Comments

Community moderators