Hidden unsafe due to unintentionally abusable macros and include

kornel February 24, 2021, 3:21pm 13

You can't rely on the unsafe keyword to check safety of crates. There are many other "safe" ways to inject arbitrary code and evade the checks:

This is because unsafe is not a security boundary. It's a lint for double-checking programmer's own assumptions, and not a sandbox.

7 Likes

Topic		Replies	Views
Explicitly marking unsafe macro expressions Unsafe Code Guidelines	17	5100	May 21, 2019
Do we need `unsafe` macros? language design	6	1140	July 13, 2020
Security breach with Rust macros compiler	31	3737	August 25, 2021
You_can::turn_off_the_borrow_checker should not be allowed without declaring unsafe Unsafe Code Guidelines	14	2818	December 22, 2024
Does anyone use the push/pop_unsafe! macros?	7	1783	March 25, 2019