Sandboxed Rust


#1

I’d like to see a compilation mode where

  1. the program only has access to crates supplied on the command line, except for maybe a sandbox prelude which would provide things like Vec but not rmdir().
  2. #1 is enforced by disabling the language features that could circumvent it: unsafe, ffi declarations, linking to C libraries, #[start] etc.
  3. (for the truly paranoid) the runtime of the resulting program imposes arcane magicks on itself before main, like setrlimit and sydbox.

Some day, this could also be used for plugins and REPLs (without #3 of course).
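An added sketch of how far the three items in the list above can be approximated on stable Rust today (example code written for this thread, not from the post author or any rustc feature). The sandbox prelude is a plain module re-export, the untrusted code lives under `#[forbid(unsafe_code)]`, and the trusted harness applies `setrlimit` to itself before calling into it. It is Linux-only: `setrlimit`/`getrlimit` are declared by hand against the libc that std already links, and the `Rlimit` layout and `RLIMIT_CORE` value are the Linux ones. Everything else (`sandbox_prelude`, `plugin`, `word_counts`, `drop_core_dumps`, `core_limit`) is an assumed name for the illustration.

```rust
// Added illustration, not a rustc feature. Linux only: setrlimit/getrlimit are
// declared against the libc std already links, so no external crate is needed.
use std::os::raw::c_int;

// Item 1, approximated: the "sandbox prelude" handed to untrusted code.
// Only allocation types are re-exported. This is a convention, not an
// enforcement: `std::fs::remove_dir` stays reachable by full path until the
// compilation mode the post asks for actually hides std from the plugin.
mod sandbox_prelude {
    pub use std::string::String;
    pub use std::vec::Vec;
}

// Item 2, approximated: `forbid(unsafe_code)` rejects unsafe blocks, unsafe
// fns/impls and `#[no_mangle]`/`#[link_section]` inside this module. Because
// every foreign call needs an unsafe block, no FFI call can be made here
// either. Uncommenting the `unsafe {}` line makes the whole file fail to
// compile with "usage of an `unsafe` block".
#[forbid(unsafe_code)]
mod plugin {
    use super::sandbox_prelude::*;

    /// Untrusted computation: word histogram, sorted by count desc, then word.
    pub fn word_counts(input: &str) -> Vec<(String, usize)> {
        let mut counts: Vec<(String, usize)> = Vec::new();
        // unsafe {} // would be rejected by #[forbid(unsafe_code)]
        for word in input.split_whitespace() {
            let w = word.to_lowercase();
            if let Some(entry) = counts.iter_mut().find(|(k, _)| *k == w) {
                entry.1 += 1;
            } else {
                counts.push((w, 1));
            }
        }
        counts.sort_by(|a, b| b.1.cmp(&a.1).then(a.0.cmp(&b.0)));
        counts
    }
}

// Item 3, approximated: the trusted harness restricts its own process before
// dispatching to the plugin. Stable Rust has no pre-main hook, so this runs as
// the first statement of main rather than "before main".
#[repr(C)]
struct Rlimit {
    cur: u64, // rlim_t on Linux/glibc (x86_64, aarch64)
    max: u64,
}

const RLIMIT_CORE: c_int = 4; // Linux value: core-dump size limit

unsafe extern "C" {
    fn setrlimit(resource: c_int, rlim: *const Rlimit) -> c_int;
    fn getrlimit(resource: c_int, rlim: *mut Rlimit) -> c_int;
}

/// Lower both soft and hard core-dump limits to zero (no process image on disk).
fn drop_core_dumps() -> Result<(), std::io::Error> {
    let lim = Rlimit { cur: 0, max: 0 };
    // SAFETY: `lim` is a fully initialised struct that outlives the call.
    let rc = unsafe { setrlimit(RLIMIT_CORE, &lim) };
    if rc == 0 { Ok(()) } else { Err(std::io::Error::last_os_error()) }
}

/// Read back the soft core-dump limit, so a caller can confirm the restriction stuck.
fn core_limit() -> Result<u64, std::io::Error> {
    let mut lim = Rlimit { cur: u64::MAX, max: u64::MAX };
    // SAFETY: `lim` is writable and outlives the call.
    let rc = unsafe { getrlimit(RLIMIT_CORE, &mut lim) };
    if rc == 0 { Ok(lim.cur) } else { Err(std::io::Error::last_os_error()) }
}

fn main() {
    drop_core_dumps().expect("setrlimit(RLIMIT_CORE) failed");
    println!("core limit now {}", core_limit().expect("getrlimit"));
    let input = "Hello hello sandbox world hello"; // constructed sample input
    for (w, n) in plugin::word_counts(input) {
        println!("{w}: {n}");
    }
}
```

The `unsafe` code is confined to the harness half of the file; the `#[forbid(unsafe_code)]` boundary is what keeps the plugin half honest, and it is the part of the wish-list that a compiler already checks. What it does not check is item 1: a lint cannot stop `::std::fs` being named, which is why the post asks for a separate compilation mode rather than a lint.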


#2

Targeting NaCl through PNaCl will accomplish what you seek (NaCl binaries don’t require Chrome to run). Take a look at my PNaCl fork, if you’re curious.


#3

Good one. Having a sandboxed REPL is always nice.