I’d like to see a compilation mode where

- the program only has access to crates supplied on the command line, except for maybe a sandbox prelude which would provide things like `Vec` but not `rmdir()`.
- #1 is enforced by disabling the language features that could circumvent it: `unsafe`, ffi declarations, linking to C libraries, `#[start]` etc.
- (for the truly paranoid) the runtime of the resulting program imposes arcane magicks on itself before `main`, like setrlimit and sydbox.

Some day, this could also be used for plugins and REPLs (without #3 of course).
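As an added illustration of the third point (not code from the post or from any Rust project), here is a C program that lowers its own resource limits with setrlimit so it can no longer open files or dump core; the helper names `apply_self_sandbox`, `can_open_files` and `raise_limit_error` are hypothetical, and Linux/glibc is assumed.

```c
// Added example: a process restricting itself with setrlimit before it does
// real work. Hypothetical helpers; Linux/glibc assumed.
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Lower both the soft and the hard limit so an unprivileged process cannot
 * undo this later (only a privileged one may raise a hard limit again).
 * Returns 0 on success, -1 with errno set on failure. A real build would call
 * this from a __attribute__((constructor)) hook so it runs before main. */
int apply_self_sandbox(void)
{
    struct rlimit zero = { .rlim_cur = 0, .rlim_max = 0 };
    if (setrlimit(RLIMIT_NOFILE, &zero) != 0) /* no new file descriptors */
        return -1;
    if (setrlimit(RLIMIT_CORE, &zero) != 0)   /* no core dumps of our memory */
        return -1;
    return 0;
}

/* Probe: can this process still open a file? 1 = yes, 0 = no.
 * Already-open descriptors (stdin/stdout/stderr) keep working. */
int can_open_files(void)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Probe: try to raise the limit back. Returns errno on refusal (EPERM for an
 * unprivileged process), 0 if the kernel allowed it (e.g. running as root). */
int raise_limit_error(void)
{
    struct rlimit big = { .rlim_cur = 1024, .rlim_max = 1024 };
    if (setrlimit(RLIMIT_NOFILE, &big) == 0)
        return 0;
    return errno;
}

int main(void)
{
    printf("before: can open files = %d\n", can_open_files());
    if (apply_self_sandbox() != 0) { perror("setrlimit"); return 1; }
    printf("after:  can open files = %d\n", can_open_files());
    printf("raising the limit again: errno %d\n", raise_limit_error());
    return 0;
}
```

Note that rlimits only bound resource use; they do not replace a syscall filter like the sydbox mentioned in the post.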