Security advisory for the standard library (CVE-2024-24576) (blog.rust-lang.org)

submitted 7 months ago by snaggen@programming.dev to c/rust@programming.dev

10 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] BB_C@programming.dev 1 points 7 months ago* (last edited 7 months ago)

Were there actually any real-world use-cases affected by this? Do any of them not deserve to be named and shamed irregardless of this vulnerability?

If it was up to me, I would nuke the cmd custom implementation, leave some helpful compile error messages behind, and direct users to some 3rd party crates to choose from.

[-] Moussx@programming.dev 6 points 7 months ago

Doing such a regression on a Tier 1 target would be a really big blow to the language's reputation imo

[-] BatmanAoD@programming.dev 5 points 7 months ago* (last edited 7 months ago)

What custom implementation? The escaping logic?

Edit: to be clear, there is no "custom implementation" of cmd itself, nor is the problem exclusive to Rust. This is a problem with the Windows cmd itself.

this post was submitted on 09 Apr 2024

49 points (98.0% liked)

Rust

6009 readers

3 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

EdTheLegendary@programming.dev

kahnclusions@programming.dev

torcherist@programming.dev