snaggen to Rust · 1 year agoSecurity advisory for the standard library (CVE-2024-24576)blog.rust-lang.orgexternal-linkmessage-square10linkfedilinkarrow-up150arrow-down11cross-posted to: [email protected][email protected]
arrow-up149arrow-down1external-linkSecurity advisory for the standard library (CVE-2024-24576)blog.rust-lang.orgsnaggen to Rust · 1 year agomessage-square10linkfedilinkcross-posted to: [email protected][email protected]
minus-squareSchmeckinger@feddit.delinkfedilinkarrow-up1·1 year agoBut there is no reason to use a script, when you have a build.rs anyways. Since pretty much everything the script can do build.rs can do better.
minus-squaresugar_in_your_tea@sh.itjust.workslinkfedilinkarrow-up3·edit-21 year agoThat’s not going to be particularly feasible when generating bindings and other complex build processes. For example, the Qt bindings run shell commands as part of the build.rs. As does gettext-rs. So I don’t think it’s unreasonable to think a developer could sneak in an exploit with “temporary code” to improve some part of the build process on Windows.
But there is no reason to use a script, when you have a build.rs anyways. Since pretty much everything the script can do build.rs can do better.
That’s not going to be particularly feasible when generating bindings and other complex build processes. For example, the Qt bindings run shell commands as part of the build.rs. As does gettext-rs.
So I don’t think it’s unreasonable to think a developer could sneak in an exploit with “temporary code” to improve some part of the build process on Windows.