Retrofitting capabilities / Deny a crate's imports?

I'm wondering if one could retrofit compile time capability checking by making sure that a crate only imported from an allowed set of use statements... could a tool check that std::net::* wasn't imported to the num_cpus crate for example? We know what a crate depends on, but the std lib gives it access to do pretty much anything - is there a way to keep that power in check a little? (I'm after something where we don't have to re-write all the existing crates)

Seems like a strange requirement. What do you need this for? If you want to improve security by ensuring that a process doesn't phone home, then stick it in a container and don't expose any ports.

1 Like

Note that use doesn't import anything. A lack of use doesn't prevent using anything — the code can still refer to items by their full path, as well as indirectly through macros or types/references returned by other functions.

You can't forbid anything in Rust for the purpose of taming untrusted malicious code. The entire toolchain trusts the code it is compiling. There are loopholes like linker symbol collisions that allow any code to call or replace any function anywhere in any namespace from any crate.

5 Likes
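An added example (not code from this thread) illustrating the point in the reply above: a naive "capability lint" that only inspects `use` lines, beside code it passes even though that code reaches std::net through a full path, a macro, and a value returned by another function. The lint function, the module name and the two source snippets are constructed for illustration.

```rust
// Naive check in the spirit of the original question: flag any `use` line
// that brings std::net into scope, and return the offending lines.
pub fn flag_net_imports(src: &str) -> Vec<String> {
    src.lines()
        .map(str::trim)
        .filter(|l| l.starts_with("use ") && l.contains("std::net"))
        .map(String::from)
        .collect()
}

// A module with no `use` statement at all. The lint above would pass it,
// yet it reaches std::net through a fully qualified path.
mod no_use_statements {
    pub fn loopback() -> std::net::Ipv4Addr {
        std::net::Ipv4Addr::LOCALHOST
    }
}

// Macro path: only the macro body names std::net; the call site does not.
macro_rules! loopback_addr {
    () => { std::net::Ipv4Addr::LOCALHOST };
}

// Indirect access: this caller never spells out std::net either, it just
// calls methods on values handed back by the function and the macro.
pub fn reaches_net_without_use() -> bool {
    no_use_statements::loopback().is_loopback() && loopback_addr!().is_loopback()
}

// Two constructed source snippets to run the lint on. The first is caught;
// the second uses a full path and is not, which is the gap the reply describes.
pub const DIRECT_USE: &str = "use std::net::TcpStream;\nfn f() {}\n";
pub const FULL_PATH: &str =
    "fn f() -> std::net::Ipv4Addr { std::net::Ipv4Addr::LOCALHOST }\n";

fn main() {
    println!("{:?}", flag_net_imports(DIRECT_USE)); // flagged
    println!("{:?}", flag_net_imports(FULL_PATH)); // empty: the lint is blind here
    println!("{}", reaches_net_without_use()); // true
}
```

Widening the check to a textual search for `std::net` would catch the full-path and macro cases inside one crate, but not a value that arrives through another crate's return type, nor the linker-level loophole the reply mentions.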
