Programmer Humor

32371 readers

581 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

cat_programmer@lemmy.ml

149

Proc macro sandboxing (lemmy.ml)

submitted 1 year ago by Victim_0@lemmy.ml to c/programmerhumor@lemmy.ml

24 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] PlexSheep@feddit.de 1 points 1 year ago (1 children)

I don't think this is a problem with proc macros or package managers. This is just a regular supply chain attack, no?

The way I understand it, sandboxing would be detrimental to code performance. Imagine coding a messaging system with a serve struct, only for serde code to be much slower due to sandboxing. For release version it could be suggested to disable sandboxingy but then we would have gained practically nothing.

In security terms, being prepared for incidents is most often better than trying to prevent them. I think this applies here too, and cargo helps here. It can automatically update your packages, which can be used to patch attacks like this out.

If you think I'm wrong, please don't hesitate to tell me!

[–] skullgiver@popplesburger.hilciferous.nl 3 points 1 year ago* (last edited 11 months ago)

[This comment has been deleted by an automated system]