[rust-dev] sandboxing Rust?

Josh Haberman jhaberman at gmail.com
Sun Jan 19 08:39:26 PST 2014


On Sun, Jan 19, 2014 at 12:34 AM, Patrick Walton <pwalton at mozilla.com> wrote:
> I think this is too strongly worded. While I agree that naively running
> untrusted Rust code is not a good idea at all, I think that language level
> security is not unachievable. It is absolutely an utmost priority to get to
> the point where the language is secure, and Rust treats memory safety issues
> with the same severity as security bugs.

Cool, this is really what I was looking to know. For my own purposes
I'm not thinking so much of running entirely untrusted code, but more
like "pretty trusted" code: like the level of trust you have in a
framework/library that you download and use in your project; where you
didn't write the code yourself but you can read it first if you want
(and others probably have); where there is reputation on the line and
it would be tricky to hide an exploit in plain sight.

For this scenario you would care first and foremost that the code is
highly unlikely to escape inadvertently, and resistance to intentional
attack is just icing on the cake. From the above it sounds like the
goal is to take safety seriously, which would seem to make it entirely
appropriate for this purpose (eventually, once Rust is stable).

Thanks,
Josh
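As an added illustration of the distinction Josh draws (not code from this thread, and written in current stable Rust rather than the 2014 syntax the list was using): the "pretty trusted" dependency is modelled as a module compiled under the real `#[forbid(unsafe_code)]` lint, so any `unsafe` block inside it is a compile error. The functions and the input buffer are constructed for the example. It shows what "unlikely to escape inadvertently" means concretely for safe Rust: an out-of-bounds index either yields `None` or panics, and a panic is an event the host can observe and contain, rather than a silent read or write of memory the code does not own.

```rust
use std::panic;

// The "pretty trusted" dependency from the discussion, modelled as a module.
// `#[forbid(unsafe_code)]` is a real rustc lint: any `unsafe` block or
// function inside this module is a hard compile error, so the module can only
// use the checked operations the language guarantees are memory safe.
#[forbid(unsafe_code)]
mod trusted {
    /// Safe lookup: an out-of-range index yields `None` instead of reading
    /// past the end of the buffer.
    pub fn checked_get(data: &[u8], i: usize) -> Option<u8> {
        data.get(i).copied()
    }

    /// Indexing syntax is also bounds-checked; a bad index panics rather
    /// than corrupting memory. (Constructed example of a bug a library
    /// author might ship inadvertently.)
    pub fn buggy_get(data: &[u8], i: usize) -> u8 {
        data[i]
    }

    /// Sums a slice using only iterator adaptors; no raw pointers involved.
    pub fn sum(data: &[u8]) -> u64 {
        data.iter().map(|&b| b as u64).sum()
    }
}

/// Calls `buggy_get` and reports whether it panicked. A panic is the
/// failure mode safe Rust gives for an out-of-bounds access: the process
/// (or the host embedding the code) can observe and contain it, instead of
/// silently reading or writing memory it does not own.
pub fn oob_is_contained(data: &[u8], i: usize) -> bool {
    panic::catch_unwind(move || trusted::buggy_get(data, i)).is_err()
}

fn main() {
    let buf: [u8; 4] = [10, 20, 30, 40]; // constructed input
    println!("checked_get(2) = {:?}", trusted::checked_get(&buf, 2));
    println!("checked_get(9) = {:?}", trusted::checked_get(&buf, 9));
    println!("sum = {}", trusted::sum(&buf));
    println!("oob index contained as panic: {}", oob_is_contained(&buf, 9));
}
```

The lint only covers what the compiler can see: a dependency that wraps its own `unsafe` in a safe API, or that calls into C through FFI, is outside this guarantee, which is why reading the code first (as Josh describes) still matters for the "pretty trusted" case.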
