[COFF] [TUHS] Re: Generational development [was Re: Re: Early GUI on Linux]

Dan Cross crossd at gmail.com
Tue Feb 28 08:01:23 AEST 2023 

On Mon, Feb 27, 2023 at 4:42 PM Chet Ramey <chet.ramey at case.edu> wrote:
> On 2/27/23 4:22 PM, Dan Cross wrote:
> > [COFF]
> >
> > On Mon, Feb 27, 2023 at 4:16 PM Chet Ramey <chet.ramey at case.edu> wrote:
> >> On 2/27/23 4:01 PM, segaloco wrote:
> >>> The official Rust book lists a blind script grab from a website piped into a shell as their "official" install mechanism.
> >>
> >> Well, I suppose if it's from a trustworthy source...
> >>
> >> (Sorry, my eyes rolled so hard they're bouncing on the floor right now.)
> >
> > I find this a little odd. If I go back to O'Reilly books from the
> > early 90s, there was advice to do all sorts of suspect things in them,
>
> Sure. My sense is that the world is a less trustworthy place today, that
> there are more bad actors out there, and that promoting unsafe practices
> like this does little good. If practices like this become the norm (and
> they have), it gets very easy to trick someone (or worse, compromise the
> server and replace the script with something that does just a little bit
> extra). Blindly executing code you get from elsewhere as root isn't a
> great idea.

FTR, you don't usually do this as root, as by default `rustup`
installs into $HOME.

I'm not sure how this is any less safe than downloading, say, a
tarball and running the contained `configure` script, except that in
the latter case one at least has the chance to look at the script
contents.

> Look at the compromises the Python community has been dealing with
> recently, involving replacing common packages on well-known repository
> sites with malicious ones.

That seems like an issue that is independent of the delivery mechanism.

FWIW, when my old team brought the Rust toolchain into Google, we
investigated this issue at length. Another team (Android security, I
believe) had used `mrustc`, which is a Rust compiler written in C++,
to bootstrap the "real" Rust compiler from source. We then downloaded
and vendored each dependent crate (Rust library) that we needed, with
an auditing step. So it's entirely possible to work with Rust without
ever using `rustup`.

        - Dan C.

More information about the COFF mailing list