snaggen@programming.dev to Rust@programming.dev · 7 months agoSecurity advisory for the standard library (CVE-2024-24576)blog.rust-lang.orgexternal-linkmessage-square10fedilinkarrow-up150cross-posted to: security@lemmy.mltechnology@lemmy.world
arrow-up150external-linkSecurity advisory for the standard library (CVE-2024-24576)blog.rust-lang.orgsnaggen@programming.dev to Rust@programming.dev · 7 months agomessage-square10fedilinkcross-posted to: security@lemmy.mltechnology@lemmy.world
minus-squaresugar_in_your_tea@sh.itjust.workslinkfedilinkarrow-up3·edit-27 months agoThat’s not going to be particularly feasible when generating bindings and other complex build processes. For example, the Qt bindings run shell commands as part of the build.rs. As does gettext-rs. So I don’t think it’s unreasonable to think a developer could sneak in an exploit with “temporary code” to improve some part of the build process on Windows.
That’s not going to be particularly feasible when generating bindings and other complex build processes. For example, the Qt bindings run shell commands as part of the build.rs. As does gettext-rs.
So I don’t think it’s unreasonable to think a developer could sneak in an exploit with “temporary code” to improve some part of the build process on Windows.