by iudqnolq 1099 days ago
I am a bit skeptical this is a workable approach long term, but there is a project based on an attempt to enumerate all of Rust's soundness holes and use Rust's compiler infrastructure to detect and forbid them. They think that by erring on the side of forbidding valid code this is feasible. https://news.ycombinator.com/item?id=35501065

From the horse's mouth (article of the linked HN post):

> PL/Rust contains a small set of lints to block what the developers have deemed the most egregious "I-Unsound" Rust bugs.
>
> [...]
>
> Note that this is done on a best-effort basis, and does not provide a strong level of security — it's not a sandbox, and as such, it's likely that a skilled hostile attacker who is sufficiently motivated could find ways around it (PostgreSQL itself is not a particularly hardened codebase, after all).

They have extra lints to help you avoid what they deem the most common soundness bugs. They make no claims that there is a way to make this approach safe against an attacker.