|
|
Log in / Subscribe / Register

Compiling Rust with GCC: an update

Compiling Rust with GCC: an update

Posted Sep 10, 2022 11:29 UTC (Sat) by developer122 (guest, #152928)
In reply to: Compiling Rust with GCC: an update by calumapplepie
Parent article: Compiling Rust with GCC: an update

While trusting trust attacks are hypothetically possible, they're of little to no concern to the vast majority of people.

I can think of only one urban legend where one was successfully deployed. That was in a software environment where all source code for every system component was standardized and provided by AT&T, with every single computer on earth having byte-identical source code and system software.

Unlike GNU, where the tools and libraries are ossified in place and haven't changed in perhaps 30 years, the rust ecosystem is still quite new. Code is frequently being tossed out and rewritten as styles and standards change or needs evolve, making a trusting trust attack particularly hard to pull off.

to post comments

Compiling Rust with GCC: an update

Posted Sep 12, 2022 22:51 UTC (Mon) by rahulsundaram (subscriber, #21946) [Link] (1 responses)

> While trusting trust attacks are hypothetically possible, they're of little to no concern to the vast majority of people.

We shouldn't be discounting attacks like that on the basis of what is popular. Otherwise, we run the risk of repeating the giant mess from the slew of side channel attacks that went from "hypothetically possible" to demonstrable but hard to repeat to causing industry wide changes within a few years. Good news for Rust is that there are multiple implementations already and only likely going to mature with time.

Compiling Rust with GCC: an update

Posted Sep 13, 2022 7:23 UTC (Tue) by kleptog (subscriber, #1183) [Link]

> We shouldn't be discounting attacks like that on the basis of what is popular.

Sure, but on the other hand it's sufficient if only a small group are working on solving the problem. Once it's worked out, we can automate it and roll it out everywhere. It's also relevant that there hasn't been an example found in the wild, which means it's judged very low risk.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds