this post was submitted on 09 Apr 2024
49 points (98.0% liked)

Rust

5999 readers
20 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] sugar_in_your_tea@sh.itjust.works 2 points 7 months ago (5 children)

This sounds like a pretty big deal for crates with custom build.rs files.

[–] BatmanAoD@programming.dev 11 points 7 months ago (3 children)

How so? This exploit requires running a shell command in a way that permits an attacker to control the arguments provided. That doesn't seem like it would be particularly common in build scripts.

[–] sugar_in_your_tea@sh.itjust.works 2 points 7 months ago* (last edited 7 months ago) (2 children)

I'm thinking an xz-style attack where a malicious actor submits an "improvement" with an innocuous-looking change to the build script that ends up running arbitrary commands. Running a batch script seems like a reasonable thing for a build script to do (e.g. to run something like i18n or whatever), and a lot of project devs may not know much about how batch scripts work (many devs are more familiar with Linux-compatible shell scripts), so it could slip through. The batch script itself could be innocuous and thus not be caught by a reviewer.

[–] Schmeckinger@feddit.de 1 points 7 months ago (1 children)

But there is no reason to use a script, when you have a build.rs anyways. Since pretty much everything the script can do build.rs can do better.

[–] sugar_in_your_tea@sh.itjust.works 3 points 7 months ago* (last edited 7 months ago)

That's not going to be particularly feasible when generating bindings and other complex build processes. For example, the Qt bindings run shell commands as part of the build.rs. As does gettext-rs.

So I don't think it's unreasonable to think a developer could sneak in an exploit with "temporary code" to improve some part of the build process on Windows.

load more comments (1 replies)