by icholy 661 days ago
That seems like a lot of hoops to jump through considering that Rust allows arbitrary code execution during compile time anyway.

>> That seems like a lot of hoops to jump through considering that Rust allows arbitrary code execution during compile time anyway.

If you mean build.rs build scripts, yes, those do run, but it is not arbitrary code. You can view and inspect them before building. If you need more security, you can download all the dependencies and build inside an isolated container.

> but it is not arbitrary code

uhh ya it is. There's also https://github.com/eleijonmarck/do-not-compile-this-code

No. The code in question is plainly visible in the crate:

https://github.com/eleijonmarck/do-not-compile-this-code/blo...

This is true for all third-party libraries. If you blindly download and execute code from the Internet, this is a risk you are assuming.

As I stated above, if you need more security, you can download all the dependencies and build inside an isolated container.