Safe Rust (sandboxing untrusted modules at API level)

I would expect doing this at the language level to get harder over time, not easier. The problem is that macros and CTFE are going to make “don’t execute code at compile time” increasingly less feasible.

What we really need is an easy to use, cross platform sandboxing solution. Something like NaCl would probably be the best direction to head. At that point, you could just run less-than-trustworthy crates in a sandbox.
