• gedhrel@lemmy.ml
    1 year ago

    Apology appreciated, but unnecessary.

    I don’t want to derail a useful tool. It’s worth going a bit beyond “hope” as a strategy, however, and thinking about if (how) this might be exploited.

    I doubt anyone will be mining crypto in your sandbox. But perhaps you should think about detection; might it be possible to mask a malicious crate with a second that attempts to detect sandboxed compilation, for instance?

    In any case, I think this still looks exceedingly interesting in the typical case, which is of detecting the impact of bugs from non-malicious actors.

    • gedhrel@lemmy.ml
      1 year ago

      Given the widespread existence of wasm sandboxing, rustc itself might want to think about alternative strategies for running compiler plugins. I suspect there’d be a performance hit with such an approach, but wasm tooling is getting really good; perhaps it is minor.