Hidden unsafe due to unintentionally abusable macros and include

kornel February 24, 2021, 3:21pm 13

You can't rely on the unsafe keyword to check safety of crates. There are many other "safe" ways to inject arbitrary code and evade the checks:

This is because unsafe is not a security boundary. It's a lint for double-checking programmer's own assumptions, and not a sandbox.

7 Likes

Topic		Replies	Views
Do we need `unsafe` macros? language design	6	947	July 13, 2020
You_can::turn_off_the_borrow_checker should not be allowed without declaring unsafe Unsafe Code Guidelines	13	2621	January 24, 2022
Does anyone use the push/pop_unsafe! macros?	7	1745	March 25, 2019
Pre-RFC: making unsafe more safe to use language design	12	3142	March 25, 2019
Unsafe categories	18	1292	December 14, 2021