92

What is going on with serde?(social.treehouse.systems)

posted
by
Avatar
snaggen@programming.dev
in
Avatar
rust@programming.dev
28 comments
hidereport

So, serde seems to be downloading and running a binary on the system without informing the user and without any user consent. Does anyone have any background information on why this is, and how this is supposed to be a good idea?

dtolnay seems like a smart guy, so I assume there is a reason for this, but it doesn’t feel ok at all.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
Vorpal@lemmyrs.org
14 points
*

I saw some other crate doing something similar but using wasm, the idea is to sandbox the binary used as a proc macro. So that seems a bit better. Can’t see to find it any more.

EDIT: Found it https://lib.rs/crates/watt

permalink
report
reply
Avatar
Anders429@lemmy.world
9 points

Fun fact: the guy who wrote watt is the same guy who wrote serde.

permalink
report
parent
reply
Avatar
Mubelotix@jlai.lu
8 points

Made by the same guy

permalink
report
parent
reply
Avatar
manpacket@lemmyrs.org
7 points

serde is maintained by dtolnay, he is not the original author.

permalink
report
parent
reply
Avatar
Mubelotix@jlai.lu
5 points

I thought he was a genious inventing so many useful tools. Does he maintain other projects he didn’t create?

permalink
report
parent
reply
Show more comments
Avatar
argv_minus_one@beehaw.org
2 points

Sandboxing the binary doesn’t protect you. It can still insert malicious code into your application.

permalink
report
parent
reply

Rust

!rust@programming.dev

Create post

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits
  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

Community stats

  • 572

    Monthly active users

  • 887

    Posts

  • 3.9K

    Comments

Community moderators