by kibwen
894 days ago
> In my mind, this kind of capability makes Rust crate safety scanning and associated metadata worthless as currently implemented.

If you wanted to backdoor a Rust program, you wouldn't need the `unsafe` keyword at all. And if you want to use unsafe code, that's fine, plenty of crates use unsafe code without anyone being up in arms about it (e.g. the regex crate). This is a party trick rather than something to be concerned about; at the end of the day either you're auditing your dependencies (in which case this would stick out like a sore thumb) or you're not (in which case there are far easier ways to pwn you).