While examining the executable that was built with a release profile out of curiosity, I found that the executable included my Linux user name.
I was a bit surprised, and I tried to find out why it was included by reducing the dependencies of the project one by one. And now I'm thinking that it came from the indexmap crate or one of its dependencies, but I'm not sure.
Does anyone know anything about this?
Here is a Bash script to reproduce.
cargo new example
cd example
cargo add indexmap
cat <<_EOF_ >>Cargo.toml
[profile.release]
codegen-units = 1
lto = true
panic = "abort"
strip = "symbols"
_EOF_
cat <<_EOF_ >src/main.rs
fn main() {
println!("{:?}", indexmap::indexmap! { "a" => 1 });
}
_EOF_
cargo build --release
strings target/release/example | grep "$USER"
My general advice is to use a dedicated account divorced from your personal information (or an even stronger sandbox) for development of Rust (or any other language where the norm is to pull dependencies in from the internet automatically). You're basically giving all your deps permission to run arbitrary programs as you already.
That said, you may be looking for the remap-path-prefix parameter until RFC 3127 support stabilizes. There's a few other issues about path sanitation in the Rust and Cargo repos which you can search for.
Thanks. I have used Docker, but never for development purposes.
When developing in a container, is it common to install only the necessary components such as cargo in the container? (In this case, the container is used only for the purpose of building the project.)
Or do you also install editing tools such as Vim or language servers in the container? (In this case, the container is also used for editing code.)
I also install development tools in my dev container – I basically use it as a complete, separate, reproducible machine. It would be annoying to have to re-install editors and compilers every time I restart it.
