| ▲ | gpm 6 days ago |
| > compilers (like Rust compiler) allow running arbitrary code without any warning. |
| It's safe to assume that the Rust compiler (like any compiler built on top of LLVM) has arbitrary code execution vulnerabilities, but as an intended feature I think this only exists in cargo, the popular/official build system, not rustc, the compiler. |
|
| ▲ | codedokode 6 days ago | parent | next [-] |
| Rust has "procedural macros" which means executing arbitrary code during compilation: https://doc.rust-lang.org/reference/procedural-macros.html |
| |
| ▲ | Philpax 6 days ago | parent | next [-] |
| It can invoke procedural macros, but those macros need to be built by something, and rustc won't do that by itself: https://blog.jetbrains.com/rust/2022/07/07/procedural-macros... |
| I still think it's very not good that proc macros have full access to your system, but `rustc` alone cannot build a hostile macro as part of building some code that depends upon it. |
| ▲ | gpm 6 days ago | parent | prev [-] |
| Eh, Rust has procedural macros, which means executing pre-built plugins during compilation. You can't execute arbitrary code, because you can't make and then execute new macros, you can only run the macros made available to you via the filesystem. Admittedly that's a bit like saying "a simple shell isn't arbitrary code execution"... except there tend to be binaries lying around on the filesystem which do things, unlike procedural macros. |
|
|
| ▲ | shakna 6 days ago | parent | prev [-] |
| Any language that supports constexpr, like Rust's const fn [0], can execute arbitrary code at compile time. |
| [0] https://github.com/rust-lang/rust/issues/57563 |
| |
| ▲ | gpm 6 days ago | parent [-] |
| Rust's const fns run in a restricted interpreter that does not allow for things like non-determinism, syscalls, unsound behavior, etc. They can neither read from nor write to "the environment" in any meaningful way. They don't even expose things like the host's pointer-size to the code being run. |
| ▲ | athrowaway3z 6 days ago | parent | next [-] |
| That's all interesting about const fns, but AFAIK any dependency can add a build.rs that executes anything - and is usually automatically executed by the language server doing a build on Cargo.toml file change. Not a Rust-only problem, but one that people should be aware of in general. |
| ▲ | shakna 5 days ago | parent | prev [-] |
| Whilst it is restricted, you're not correct that it can't do unsound behaviour and can't do syscalls, and can't do non-determinism. It can call unsafe blocks. They are more limited unsafe blocks, but they are still unsafe blocks. |
| ▲ | gpm 5 days ago | parent [-] |
| I'm pretty sure I'm not, but feel free to make an actual demonstration to the contrary... Unsafe blocks don't imply access to undefined behavior, merely the ability to write code that would be undefined in the regular non-const execution model. |
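
Added example, not part of the thread: the comments above name two kinds of code that run on the build host, `build.rs` scripts and procedural macros. This Python sketch lists which packages in a dependency graph ship either one, reading JSON in the shape that `cargo metadata --format-version 1` emits; the sample document, crate names, ids and paths are constructed.

```python
import json

# Constructed sample shaped like `cargo metadata --format-version 1` output,
# trimmed to the fields read below. Crate names, ids and paths are made up.
SAMPLE = json.dumps({
    "workspace_members": ["path+file:///work/app#0.1.0"],
    "packages": [
        {"name": "app", "version": "0.1.0", "id": "path+file:///work/app#0.1.0",
         "targets": [{"kind": ["bin"], "src_path": "/work/app/src/main.rs"},
                     {"kind": ["custom-build"], "src_path": "/work/app/build.rs"}]},
        {"name": "example-derive", "version": "1.2.0", "id": "registry#example-derive@1.2.0",
         "targets": [{"kind": ["proc-macro"], "src_path": "/reg/example-derive/src/lib.rs"}]},
        {"name": "example-sys", "version": "0.4.1", "id": "registry#example-sys@0.4.1",
         "targets": [{"kind": ["lib"], "src_path": "/reg/example-sys/src/lib.rs"},
                     {"kind": ["custom-build"], "src_path": "/reg/example-sys/build.rs"}]},
        {"name": "example-util", "version": "2.0.0", "id": "registry#example-util@2.0.0",
         "targets": [{"kind": ["lib"], "src_path": "/reg/example-util/src/lib.rs"}]},
    ],
})

# Target kinds whose code runs on the machine doing the build.
BUILD_TIME_KINDS = {"custom-build": "build script", "proc-macro": "procedural macro"}


def build_time_code(metadata_json):
    """Return (crate, version, what, path, third_party) for each build-time target."""
    meta = json.loads(metadata_json)
    members = set(meta.get("workspace_members", []))
    found = []
    for pkg in meta.get("packages", []):
        for target in pkg.get("targets", []):
            for kind in target.get("kind", []):
                if kind in BUILD_TIME_KINDS:
                    found.append((pkg["name"], pkg["version"], BUILD_TIME_KINDS[kind],
                                  target.get("src_path", "?"), pkg["id"] not in members))
    # Dependencies first (code you did not write), then workspace crates, by name.
    return sorted(found, key=lambda f: (not f[4], f[0]))


if __name__ == "__main__":
    for name, version, what, path, third_party in build_time_code(SAMPLE):
        origin = "dependency" if third_party else "workspace"
        print(f"{name} {version}: {what} ({origin}) -> {path}")
```

To audit a real project, pass the output of `cargo metadata --format-version 1` to `build_time_code` and review the listed files before building.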