Safe Library Imports

bascule February 1, 2019, 3:10pm 5

See also:

[pre-pre-rfc?] Solving Crate Trust cargo

Over time I’ve seen a bunch of problems brought up about trusting dependencies. While they’re different concerns with different threat models, I like to think of them as being different flavors of an overarching problem I call “crate trust”. I’d like to start a discussion about this, and propose one solution. This is a pre-pre-rfc with more of a sketch of a solution instead of specifics, and if folks like this I can move on to a more fleshed out pre-rfc. Problems Here are some of the problems i…

Build script capabilities cargo

(apologies if this has been discussed before, I couldn’t find anything) I touched on this problem in [pre-pre-rfc?] Solving Crate Trust, but it’s something worth splitting out. Currently, build scripts and compiler plugins (to a lesser degree) have unfettered power. They may end up doing whatever they want, and it’s hard to reason about them in the context of other build systems. There are a couple of things this impacts: Caching/artifact sharing: It’s hard to cache the results of crates com…

Crate capability lists

In recent years it became popular in programming language communities to share large amount of code using various package managers. Rust is no exception, it is very easy to share your own code and use code written by others by using Cargo. At first sight, this seems to be a good thing. As time passes, more and more package will be available, eventually providing everything that someone may need in an every day software project. However, as shown by the community of Node.js, this solution is hard…

An idea to mitigate attacks through malicious crates tools and infrastructure

The problem I assume that most readers here are aware of the recent flatmap-stream attack on Node. If you’re not, here’s the short version: the developer who managed a much-used library turned out to be malicious, and injected malicious code, which flew under the radar and was installed as dependency in gazillions of applications. The Rust ecosystem is vulnerable to the exact same kind of attack: one could imagine a malicious developer taking over, say, Itertools or some other popular crate th…

[Pre-RFC] Cargo Safety Rails cargo

Feature Name: cargo_safetyrails Start Date: 2017-07-13 RFC PR: (leave this empty) Rust Issue: (leave this empty) Summary This RFC proposes Cargo Safety Rails, allowing crates to ensure that dependent crates don’t use unsafe language features. By declaring a dependency “untrusted”, the user tells cargo to compile it with the -F unsafe_code option, preventing the dependency from using the unsafe keyword. Motivation Type safety allows the programmer to have strong guarantees about what incorpor…

3 Likes

show post in topic

Topic		Replies	Views
[Pre-RFC] Cargo Safety Rails cargo	56	6743	March 25, 2019
An idea to mitigate attacks through malicious crates tools and infrastructure	74	4097	March 25, 2019
Crate capability lists	32	4758	March 25, 2019
Disabling 'unsafe' by default Unsafe Code Guidelines	19	10130	March 25, 2019
Proposal to add "features" to standard library tools and infrastructure	9	2464	May 31, 2022

Safe Library Imports

Related topics