Most loved programming language Rust sparks privacy concerns

In early 2017, a Rust developer filed an issue on the Rust lang's GitHub asking, "How can I stop rustc [from] including system specific information such as absolute file paths of the source it's compiled from in the binaries it generates?"

In 2018 the --remap-path-prefix option was introduced to address these concerns.

1 Like

It kinda feels like Cargo should just be turning that on by default, though - set it to the workspace root or crate root. Release mode only if it's too much of a detriment to debugging.

1 Like

Perhaps. I suspect it would be breaking change though. Elsewhere someone suggested giving Cargo a new shipping profile that could do things like this more easily.

Btw if you truly don't want to leak information then the flag alone isn't sufficient. For example, the linker can add information to a binsry. Also things such as times, dates, hashes, etc can leak through if you aren't careful.

There are similar issues with C/C++ builds. Usually you'd use a container (or VM) along with particular compiler/linker/build-system flags for shipping binaries without leaking information.

The Rust situation is still a work in progress and it'll be interesting to see how it can be improved.

2 Likes

This. Really, if you're using Cargo in the usual ways (automatically downloading deps and building things, etc.), do it in a restricted environment of some sort generally. Same for any analogous dependency manager.

3 Likes