this post was submitted on 29 Jul 2023
30 points (100.0% liked)

Rust

7444 readers
71 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
EdTheLegendary@programming.dev
kahnclusions@programming.dev
torcherist@programming.dev
30
Rust Foundation Security Initiative Report (foundation.rust-lang.org)
submitted 2 years ago by Arbitrary@reddthat.com to c/rust@programming.dev
15 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] gedhrel@lemmy.ml 1 points 2 years ago* (last edited 2 years ago) (1 children)

Apology appreciated, but unnecessary.

I don't want to derail a useful tool. It's worth going a bit beyond "hope" as a strategy, however, and thinking about if (how) this might be exploited.

I doubt anyone will be mining crypto in your sandbox. But perhaps you should think about detection; might it be possible to mask a malicious crate with a second that attempts to detect sandboxed compilation, for instance?

In any case, I think this still looks exceedingly interesting in the typical case, which is of detecting the impact of bugs from non-malicious actors.

[โ€“] gedhrel@lemmy.ml 1 points 2 years ago

Given the widespread existence of wasm sandboxing, rustc itself might want to think about alternative strategies for running compiler plugins. I suspect there'd be a performance hit with such an approach, but wasm tooling is getting really good; perhaps it is minor.