Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday April 07 2021, @11:44AM   Printer-friendly

Most loved programming language Rust sparks privacy concerns

Rust developers have repeatedly raised concerned about an unaddressed privacy issue over the last few years. [...] However, for the longest time developers have been bothered by their production builds leaking potentially sensitive debug information.

In early 2017, a Rust developer filed an issue on the Rust lang's GitHub asking, "How can I stop rustc [from] including system specific information such as absolute file paths of the source it's compiled from in the binaries it generates? [...] These absolute path names revealed the developer's system username and the overall structure of directories, including the home directory."

[...] On a first glance, this "leak" of usernames and absolute paths may seem trivial to a reader. However, over years, many more developers were left surprised to notice such information being included not just in debug builds but their production Rust builds as well [1, 2, 3, 4, ...] and pushed for a change.

[...] Interestingly, despite being a privacy risk, the inadvertent inclusion of metadata such as absolute paths may aid computer forensics experts and the law enforcement as the path could reveal system usernames. Of course, any developer who is aware of this issue can trivially build their Rust applications inside of a container, and use a pseudonymous username to minimize impact from the issue.

To understand if Rust considered this a vulnerability or planned on a bug fix, BleepingComputer reached out to the Rust core team for comment.

"We agree that this is a bug worth fixing and will be supporting our teams in solving it," Manish Goregaokar of the Rust team and a senior software engineer at Google told BleepingComputer.

Although at this time, it is not known how or when the Rust team plans on resolving this issue, the increased pressure from the developer community seems to be steering Rust maintainers into an actionable direction.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 5, Insightful) by Anonymous Coward on Wednesday April 07 2021, @12:26PM (18 children)

    by Anonymous Coward on Wednesday April 07 2021, @12:26PM (#1134246)

    Seriously?

    • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @01:15PM (1 child)

      by Anonymous Coward on Wednesday April 07 2021, @01:15PM (#1134256)

      I might begin to start loving Rust if I can get modules compiled on different versions to link together. Such was the last attempt I made 2 years ago.

      • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @02:00PM

        by Anonymous Coward on Wednesday April 07 2021, @02:00PM (#1134267)

        I tried the AUR git packages for about a month in 2015 and never completed a full toolchain compile. Cargo with broken OpenSSL bindings should not be a requirement at that stage of development. Waiting for nightly checkout and imminent failure let me read up on what the language was really about - bunch of CoCsuckers pushing their safe-space culture. I hate it!

    • (Score: 2) by HiThere on Wednesday April 07 2021, @02:09PM (4 children)

      by HiThere (866) Subscriber Badge on Wednesday April 07 2021, @02:09PM (#1134270) Journal

      Judging by comments, yes. I don't like it, but many others appear to...well, like is too weak a word.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
      • (Score: 3, Insightful) by Anonymous Coward on Wednesday April 07 2021, @02:17PM (1 child)

        by Anonymous Coward on Wednesday April 07 2021, @02:17PM (#1134274)

        Corporate employees these days are required to love anything they are ordered to, aren't they?

        • (Score: 3, Informative) by DannyB on Wednesday April 07 2021, @03:29PM

          by DannyB (5839) Subscriber Badge on Wednesday April 07 2021, @03:29PM (#1134303) Journal

          Giving the external appearance of loving it is considered sufficient.

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 1) by The Mighty Buzzard on Thursday April 08 2021, @02:03AM (1 child)

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Thursday April 08 2021, @02:03AM (#1134581) Homepage Journal

        I like some things about it, others I could live without. The language itself is quite enjoyable to code in. I can't stand the fucking libraries though, it's like they're all coded by teenagers who insist on using whatever shiny and new library they just heard about in their project (whether it benefits the project in any way or just enormous bloat for trendy points) and on putting political ideology above the code.

        --
        My rights don't end where your fear begins.
        • (Score: 2) by Subsentient on Thursday April 08 2021, @12:20PM

          by Subsentient (1111) on Thursday April 08 2021, @12:20PM (#1134738) Homepage Journal

          Fucking this.

          Rust is actually fairly decent as a language, but the community is cancerous and toxic beyond words. The sooner GCC gets a Rust frontend and we can rip control of the language out of their fat, stubby, feta cheese scented hands, the better.

          I learned Rust partly so I wouldn't have to worry about it in the future. In truth, it's only resulted in more worry, because now I see some of the issues in Rust and I'm scared that C++ will be "banished" to the point I have to put up with their shit.

          --
          "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
    • (Score: 5, Interesting) by turgid on Wednesday April 07 2021, @03:00PM (9 children)

      by turgid (4318) Subscriber Badge on Wednesday April 07 2021, @03:00PM (#1134291) Journal

      Unfortunately, many people in the embedded world are starting to drink the Rust Kool Aide and it looks like it's about to achieve critical mass. That means we're going to have to learn it whether we like it or not.

      To be fair, it is quite an improvement on C++ in some respects, but then again that wouldn't be difficult.

      From what I've seen of Rust so far, it's a language designed by people who don't believe in unit tests. Like C++, it looks like it requires a very complex compiler which implies slow compiles, missing features and bugs. I can't help thinking they looked at C++ and asked themselves how they could make something even bigger.

      Would anyone with any Rust experience like to elaborate?

      • (Score: 3, Informative) by bart9h on Wednesday April 07 2021, @04:41PM

        by bart9h (767) on Wednesday April 07 2021, @04:41PM (#1134342)

        For what I superficially looked at Rust (tried to create a program with it), I agree with most of what you said, but Rust certainly is not even close to the size of C++.

      • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @06:30PM (4 children)

        by Anonymous Coward on Wednesday April 07 2021, @06:30PM (#1134389)

        companies and governments will require a mem safe lang/programs soonish.

        • (Score: 2, Insightful) by Anonymous Coward on Wednesday April 07 2021, @09:25PM (3 children)

          by Anonymous Coward on Wednesday April 07 2021, @09:25PM (#1134451)

          Aren't they all using Java (at best), for couple decades already? And C#, and Node.js.

          Not that it helps them any.

          • (Score: 3, Insightful) by DannyB on Wednesday April 07 2021, @09:30PM (2 children)

            by DannyB (5839) Subscriber Badge on Wednesday April 07 2021, @09:30PM (#1134457) Journal

            Answer: Yes

            It helps them some.

            But many SN readers do not even realize that Java has been the top #1 or #2 language for over 15 years. They think of it as some obscure language nobody uses.

            It is not difficult to program Java if you adjust your level of sanity accordingly.

            --
            People today are educated enough to repeat what they are taught but not to question what they are taught.
            • (Score: 3, Funny) by Azuma Hazuki on Friday April 09 2021, @09:38AM (1 child)

              by Azuma Hazuki (5086) on Friday April 09 2021, @09:38AM (#1135247) Journal

              That's non-trivial in Java though. You need a SanityFactory, and for *that* you need a SanityFactoryFactory. Bloat. Bloat, I say! Real coders stare directly into the abyss and create strings as char *arrays! I/O I/O, C-thulhu kh'rash'n!

              --
              I am "that girl" your mother warned you about...
              • (Score: 3, Funny) by DannyB on Friday April 09 2021, @03:09PM

                by DannyB (5839) Subscriber Badge on Friday April 09 2021, @03:09PM (#1135316) Journal

                There is a time and place where staring into the abyss and coding for every single byte and cpu cycle is absolutely required.

                For everything else there's mastercard.

                --
                People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 3, Interesting) by wirelessduck on Thursday April 08 2021, @01:00AM

        by wirelessduck (3407) on Thursday April 08 2021, @01:00AM (#1134562)

        From what I've seen of Rust so far, it's a language designed by people who don't believe in unit tests.

        Are you sure? I have never used Rust, but a quick search of the Rust docs suggests otherwise.

        https://doc.rust-lang.org/rust-by-example/testing.html [rust-lang.org]

        https://doc.rust-lang.org/book/ch11-00-testing.html [rust-lang.org]

        Perhaps this is a relatively recent addition to the language?

      • (Score: 2, Interesting) by The Mighty Buzzard on Thursday April 08 2021, @02:08AM (1 child)

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Thursday April 08 2021, @02:08AM (#1134586) Homepage Journal

        MrPlow, my IRC bot that does a lot of SN submissions, is written it Rust. It's not bad on compile times for small projects but if you use other people's libraries, you'd better expect times to increase quite a lot and to have an enormous binary at the end. What new thing is hip and trendy is more important to too many library coders than having tight, efficient code.

        --
        My rights don't end where your fear begins.
        • (Score: 3, Insightful) by Azuma Hazuki on Friday April 09 2021, @10:06AM

          by Azuma Hazuki (5086) on Friday April 09 2021, @10:06AM (#1135250) Journal

          Sounds like what Rust needs is something akin to the standard C++ libraries. Think that will ever happen? A standard, well-coded, tight set of libraries for basic functions I mean.

          --
          I am "that girl" your mother warned you about...
    • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @03:14PM

      by Anonymous Coward on Wednesday April 07 2021, @03:14PM (#1134296)
  • (Score: 3, Funny) by Mojibake Tengu on Wednesday April 07 2021, @12:49PM (11 children)

    by Mojibake Tengu (8598) on Wednesday April 07 2021, @12:49PM (#1134247) Journal

    Computer memory is Monad. Pointers are Arrows. NULL is Zero Ring algebra.

    Rust is a language created by people who can't code made for people who don't understand computer memory.

    The rest is a tragicomedy. Or, maybe a design stalking as planned by agencies who infiltrated FOSS.

    Workaround: never put any software project to /home. Any browser or KDE online desktop weather gadget could tamper with that.
    I keep a separate devel zpool for serious projects and separate users for each.

    su is your friend. sudo is not.

    --
    Respect Authorities. Know your social status. Woke responsibly.
    • (Score: 4, Insightful) by Anonymous Coward on Wednesday April 07 2021, @12:57PM (10 children)

      by Anonymous Coward on Wednesday April 07 2021, @12:57PM (#1134249)

      It's the same with all these modern, toy languages. Utter garbage. These idiots come out of college with little skills, and I have to work with them. I once had a young guy have a melt down because he actually had to write code because "what do you mean there isn't a library for that?!" I said, "welcome to software engineering."

      • (Score: 1) by The Mighty Buzzard on Wednesday April 07 2021, @01:12PM (1 child)

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Wednesday April 07 2021, @01:12PM (#1134253) Homepage Journal

        And knowing you have to work with idjits like that, don't you want something that will keep you from choking them every time they commit some code?

        --
        My rights don't end where your fear begins.
        • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @05:19PM

          by Anonymous Coward on Wednesday April 07 2021, @05:19PM (#1134352)

          No one wants to hear your coding kinks ;-)

      • (Score: 4, Interesting) by HiThere on Wednesday April 07 2021, @02:15PM (7 children)

        by HiThere (866) Subscriber Badge on Wednesday April 07 2021, @02:15PM (#1134272) Journal

        Sorry, but libraries are important. Yes, you could write your own hash table, I've done so. It's a bad idea. It adds immensely to the amount of time it takes to do the project. Even when using Fortran IV I used libraries frequently.

        ALL the basic things should be handled by libraries. I was astounded when Algol didn't include any I/O statements, depending instead on libraries, but in just a few years I realized that was a reasonable decision, and today I feel it was the best available decision. This doesn't mean you shouldn't have standard libraries, of course. Algol didn't have that, but C did/does.

        --
        Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
        • (Score: 2, Insightful) by Anonymous Coward on Wednesday April 07 2021, @02:21PM (1 child)

          by Anonymous Coward on Wednesday April 07 2021, @02:21PM (#1134275)

          Some libraries MIShandle the thing they work at to the point that it's faster and easier to rewrite the part you need, than to reliably wrestle the library into submission.

          • (Score: 2) by istartedi on Thursday April 08 2021, @12:53AM

            by istartedi (123) on Thursday April 08 2021, @12:53AM (#1134558) Journal

            That's when you start calling it a "framework".

            --
            Appended to the end of comments you post. Max: 120 chars.
        • (Score: 5, Interesting) by Socrastotle on Wednesday April 07 2021, @03:42PM (4 children)

          by Socrastotle (13446) on Wednesday April 07 2021, @03:42PM (#1134310) Journal

          There's two opposite extremes here. I suspect he was not advocating for languages not having a basic IO library, but simply that some people become extremely library addicted where anytime they have any non-trivial task whatsoever they begin to try to find a library to do it. And so you end up with projects that have a gazillion dependencies tied together with duct tape and string, where when anything updates (or bugs out, or fixes a bug our library fan assumed was normal operating behavior), the entire system breaks. And then you get reports from some audit agency that 90% of bugs come from third party dependencies.

          I find guys that have backgrounds in web domains are disproportionately made up of these types. Nightmare to work with because their entire style is optimized around hitting metrics that people who have no clue about code would think are good (buzzwords + speed) whereas people who are more aware of what's going on freak out under the realization that their submitted component is a ticking timebomb of the sort that your release product ends up with a half dozen patches on day 0.

          • (Score: 3, Insightful) by DannyB on Wednesday April 07 2021, @09:39PM (3 children)

            by DannyB (5839) Subscriber Badge on Wednesday April 07 2021, @09:39PM (#1134464) Journal

            Nothing is wrong with looking for a library.

            I've been doing this job for almost 40 years. I can build anything I need from the machine code up to the application software. If there is some new technique or algorithm that I don't know, I certainly know how to find it and learn it.

            If someone else has already solved a problem that I am facing, and made a nice library, then there is nothing wrong with using it. Especially if it is open source, maintained and has some community. Even if it is merely open source and unmaintained, I might use if if it looks like I could maintain anything that might need work in the future. Especially if it works today and I saved time by not reinventing it.

            For most lower level, infrastructure, technology level things, most programmers aren't facing any new problems, most of the time.

            This is true for many languages to one degree or other, but . . . in the Java world the sheer vastness and scope of libraries available is an embarrassment of riches.

            One would be crazy not to take advantage of this.

            --
            People today are educated enough to repeat what they are taught but not to question what they are taught.
            • (Score: 2) by hopdevil on Thursday April 08 2021, @01:55AM (2 children)

              by hopdevil (3356) on Thursday April 08 2021, @01:55AM (#1134578)

              Do the people that maintained the code after you have the same attention to those 3rd party libraries? Do you really trust the people that wrote that code or those take over the project from them?

              This is how you get fucked by security issues, just sayin'

              • (Score: 3, Insightful) by DannyB on Thursday April 08 2021, @04:10PM (1 child)

                by DannyB (5839) Subscriber Badge on Thursday April 08 2021, @04:10PM (#1134823) Journal

                Most libraries I use are developed by foundations with sponsors, or by communities that maintain things in an open and transparent way. These libraries tend to be widely used and by corporations that can afford to contribute.

                Some libraries are relatively simple, need little maintenance. Being widely used still implies the "many eyes" thing. One library I started using over ten years ago started to become obscure. Another company which uses it in a major product (Jira) now maintains it. So I was pleasantly surprised.

                As for trust, I don't give that easily. But I would point out that the libraries I used are often developed by people in other corporations making large commercial software products. So, in other words, peers.

                I hear what you say about security issues. I pay attention to that. I look for updates, and why updates happen. But this is the typical over-engineered Java boring corporate world, vs the wild west of ${some-other-ecosystems}.

                Your points are well made.

                --
                People today are educated enough to repeat what they are taught but not to question what they are taught.
                • (Score: 2) by hopdevil on Thursday April 08 2021, @04:33PM

                  by hopdevil (3356) on Thursday April 08 2021, @04:33PM (#1134835)

                  I'm glad you clarified, respect++

  • (Score: 3, Interesting) by bzipitidoo on Wednesday April 07 2021, @12:53PM (19 children)

    by bzipitidoo (4388) on Wednesday April 07 2021, @12:53PM (#1134248) Journal

    One bit of security theater I find ridiculous is this insistence that usernames or user IDs should be hidden. Even should be treated like they are passwords. I've encountered a few login pages that blot out with asterisks the username as it is typed in.

    If the user is bothered by it, just choose a username that isn't their real name or otherwise identifies them. Personally, I use the username 'u'. Even that I have had a little trouble with. Several years ago when I last tried it, the OpenSUSE didn't like 1 character usernames. Their installer refused to accept it unless it is at least 2 characters. But you could go in later, after installation, and create another account with a 1 character username.

    Still other systems insist on scraping the username, to "personalize" the computer, and use that tidbit of info for autofill and such like stuff. It's another reason why I like a 1 character username. Nice also for ssh and scp. Just make sure the password does not need the help of a long and sort of hidden username to be strong.

    • (Score: 2, Insightful) by Anonymous Coward on Wednesday April 07 2021, @01:03PM (16 children)

      by Anonymous Coward on Wednesday April 07 2021, @01:03PM (#1134250)

      Oh look, here's yet another person who doesn't understand security. Having your user ID is one step in a chain that is needed to break into your system. Why make it easy for them? Are you really relying solely on a password to protect you?

      • (Score: 1) by The Mighty Buzzard on Wednesday April 07 2021, @01:10PM (3 children)

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Wednesday April 07 2021, @01:10PM (#1134252) Homepage Journal

        I think you mean private key not password. Guess on mine as long as you like. You'll be long dead before you manage.

        --
        My rights don't end where your fear begins.
        • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @04:08PM (2 children)

          by Anonymous Coward on Wednesday April 07 2021, @04:08PM (#1134330)

          I bet it is the same as the combo on my luggage!

      • (Score: 5, Insightful) by bzipitidoo on Wednesday April 07 2021, @02:27PM (11 children)

        by bzipitidoo (4388) on Wednesday April 07 2021, @02:27PM (#1134277) Journal

        I am not relying on a username to protect me. That's not what they're for. They are (or were) supposed to be public, so people could communicate with each other. You'd even have directories that list everyone's username. What do you think commands such as "who" are all about? I realize that's from the days when Unix system design had a degree of naivety towards security, when the only thing stopping "cat /etc/passwd" from listing all the users AND PASSWORDS IN PLAINTEXT was the read file permission bit being set to false, yet the point is still valid. Receiving communications is a lot lot harder if not impossible, if you are not publicly visible in some fashion.

        What really shows a lack of understanding is the use of fake security to bolster badly used real security. Trying to stop spam by trying to hide your email address is very sort of thing I mean. Under any reasonable scenario, email addresses cannot be kept private. Sure, add "NOSPAM" to your username to throw off the brainless spambots, but don't expect diligent use of that technique to stop the flood. What is more effective is going after the worst spammers. I haven't seen a penis enlargement spam email in decades. Still occasionally get the Nigerian prince or government official who will give me a fortune if I will just help him move some money, which of course requires my bank account number, which banks have really botched, trying to have it both ways on security, telling customers to keep that number hidden, but requiring that it be spread all around with every transaction.

        • (Score: 3, Touché) by NateMich on Wednesday April 07 2021, @03:37PM

          by NateMich (6662) on Wednesday April 07 2021, @03:37PM (#1134308)

          They are (or were) supposed to be public, so people could communicate with each other.

          Just like phone numbers.

          You'd even have directories that list everyone's username.

          Just like phone books.

          Remember Terminator where he hunted down people from the phone book? It's kind of like that.

        • (Score: 3, Insightful) by epitaxial on Wednesday April 07 2021, @04:01PM

          by epitaxial (3165) on Wednesday April 07 2021, @04:01PM (#1134326)

          Times change. Deal with it. Why do you think systems no longer let you know if a username is valid before requiring a password?

        • (Score: 3, Interesting) by Tork on Wednesday April 07 2021, @04:11PM (6 children)

          by Tork (3914) Subscriber Badge on Wednesday April 07 2021, @04:11PM (#1134333)

          I am not relying on a username to protect me. That's not what they're for. They are (or were) supposed to be public, so people could communicate with each other.

          Question: Why even make the Username and the Login name the same?


          I'm seriously asking. Though I've done web development, web-security was never a niche of mine, and I find the discussion fascinating.

          --
          🏳️‍🌈 Proud Ally 🏳️‍🌈
          • (Score: 2, Interesting) by Anonymous Coward on Wednesday April 07 2021, @04:25PM (1 child)

            by Anonymous Coward on Wednesday April 07 2021, @04:25PM (#1134336)

            Because then you just made the Login name a second password.

            • (Score: 3, Insightful) by Tork on Wednesday April 07 2021, @04:36PM

              by Tork (3914) Subscriber Badge on Wednesday April 07 2021, @04:36PM (#1134339)

              Why is that a problem? What disadvantage outweighs providing an extra avenue to defend against attacks? It's not like we aren't lengthening our password requirements every few years, breaking up our passwords into more human-relatable chunks is inevitable.

              --
              🏳️‍🌈 Proud Ally 🏳️‍🌈
          • (Score: 2) by bzipitidoo on Wednesday April 07 2021, @10:25PM (3 children)

            by bzipitidoo (4388) on Wednesday April 07 2021, @10:25PM (#1134484) Journal

            I have looked into the history of this. Why has it become customary to ask for the username, then the password? Why not ask for the password first, then the username? Or, even better, ask only for a password? It seemed likely it was to allow for the situation in which 2 different users chose the same password. If your password is rejected because someone else is already using it, that's a big clue. Would allow simultaneous attacks against all user accounts. There are, however, ways to mitigate that problem. A password only login system could enforce uniqueness and strength of passwords by adding a few extra random characters to the user's choice.

            The custom of querying for a username then a password goes all the way back to the first "proto-OS" for a computer to handle multiple users, the Compatible Time-Sharing System (CTSS) in the early 1960s. CTSS was the forerunner to Multics and UNIX.

            • (Score: 2) by Tork on Thursday April 08 2021, @12:22AM

              by Tork (3914) Subscriber Badge on Thursday April 08 2021, @12:22AM (#1134547)
              I always thought the reason behind the username was to notify whoever's attempting to enter that that user doesn't exist. Or at least that message is distinct from "your password's wrong."
              --
              🏳️‍🌈 Proud Ally 🏳️‍🌈
            • (Score: 0) by Anonymous Coward on Thursday April 08 2021, @06:07AM (1 child)

              by Anonymous Coward on Thursday April 08 2021, @06:07AM (#1134688)

              What happens when two people have the same password? The username must be unique for each user so that the system can tell them apart, while the password needs to be secret and so can't guarantee uniqueness, otherwise changing your password to match someone else would reveal their password.

              • (Score: 2) by bzipitidoo on Thursday April 08 2021, @01:31PM

                by bzipitidoo (4388) on Thursday April 08 2021, @01:31PM (#1134759) Journal

                That's why a password only login system cannot let the user choose the entire password. Whenever a user sets a password, the system has to change the user chosen password a little bit, salt it, to insure there are no duplicates, and to strengthen them. Pick "1234" for the password, and the system might set it to "1234wXyZ".

        • (Score: 2) by hendrikboom on Wednesday April 07 2021, @09:22PM (1 child)

          by hendrikboom (1125) Subscriber Badge on Wednesday April 07 2021, @09:22PM (#1134448) Homepage Journal

          the days when Unix system design had a degree of naivety towards security, when the only thing stopping "cat /etc/passwd" from listing all the users AND PASSWORDS IN PLAINTEXT was the read file permission bit being set to false

          What days were that? Even in the 1970's, when I first used a Unix system, "caat /etc/passwd" would list the user names and encrypted passwords. And the encryption technique was a many-to-one function so there was not a feasible way to derive the password from the encrypted version.

          And the read permission bit was set to allow reading so that anyone could check a password. But checking that password by encrypting it and comparing was a slow enough operation that straight guesswork was infeasible.

          -- hendrik

          • (Score: 2) by bzipitidoo on Wednesday April 07 2021, @10:08PM

            by bzipitidoo (4388) on Wednesday April 07 2021, @10:08PM (#1134476) Journal

            Security was uneven. Most real UNIX was pretty good, but the clones, not so much. In the late 1980s, I was given admin access to the university's Novell Network of MS-DOS based PCs, for a school assignment, to create a print server. DOS cloned a lot of Unix, but then as now, vendors skimped on the less visible items. That network had everyone's passwords in a password file, in plain text. I saw the passwords of every professor and every student who had reason to have an account. One professor was so cheeky about it, his password was nothing, 0 bytes long, just hit the Enter key.

            It was a bit scary the vandalism I could have caused even inadvertently. The worst I did was cause a network wide starvation of resources with the first working version of my print server. When I tested it, all across the lab, people started commenting that their computers were no longer responding. I very quickly realized it had to be my print server that was doing it, and hit ctrl-c, which very fortunately got everything going again. I had programmed it to scan a specific directory for files, and if any were found, to send them to the printer and delete them. But I hadn't put any delay in between scans of the directory. Added a sleep() to the loop, and that fixed that problem.

    • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @04:22PM (1 child)

      by Anonymous Coward on Wednesday April 07 2021, @04:22PM (#1134335)

      Personally, I use the username 'u'.

      So you're the reason I keep having to use username 'u2'!

      • (Score: 3, Funny) by Tork on Wednesday April 07 2021, @04:38PM

        by Tork (3914) Subscriber Badge on Wednesday April 07 2021, @04:38PM (#1134341)
        Well he's gonna keep on doing it... with or withooooout you.
        --
        🏳️‍🌈 Proud Ally 🏳️‍🌈
  • (Score: 3, Touché) by The Mighty Buzzard on Wednesday April 07 2021, @01:05PM (4 children)

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Wednesday April 07 2021, @01:05PM (#1134251) Homepage Journal

    Okay, I like my privacy as much as the next libertarian type guy but my username and build path are not even slightly sensitive fucking information. Witness:

    My build directory for everything but Rehash stuff on pretty much every box I code on: /home/bob/work/$projectName

    No, my name's not actually Bob. A couple decades ago I couldn't think up a witty username for killing my coworkers in the after hours office LAN party, so I went with the most generic one I could think of instead. And it mildly amuses me to continue to do so for the same reason.

    --
    My rights don't end where your fear begins.
  • (Score: 2) by RamiK on Wednesday April 07 2021, @01:31PM

    by RamiK (1813) on Wednesday April 07 2021, @01:31PM (#1134261)

    complaints are to be filed with your system admin.

    --
    compiling...
  • (Score: 5, Insightful) by Anonymous Coward on Wednesday April 07 2021, @01:39PM

    by Anonymous Coward on Wednesday April 07 2021, @01:39PM (#1134264)

    When same thing compiled by same thing with same settings by different users is not bit-for-bit identical, it is FAIL.

  • (Score: 2, Disagree) by fadrian on Wednesday April 07 2021, @02:04PM (2 children)

    by fadrian (3194) on Wednesday April 07 2021, @02:04PM (#1134269) Homepage

    If you need that much privacy, use C. I'm sure there'll be no issues with that because we're all awesome coders.

    --
    That is all.
    • (Score: 2, Insightful) by Anonymous Coward on Wednesday April 07 2021, @02:14PM

      by Anonymous Coward on Wednesday April 07 2021, @02:14PM (#1134271)

      Like with systemd, the issue is with the organized force pushing a halfbaked... thing down everybodys throats.

    • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @08:09PM

      by Anonymous Coward on Wednesday April 07 2021, @08:09PM (#1134422)

      At least this explains why Google is pushing using Rust in Android...

  • (Score: 3, Insightful) by Anonymous Coward on Wednesday April 07 2021, @02:26PM

    by Anonymous Coward on Wednesday April 07 2021, @02:26PM (#1134276)

    Of course, any developer who is aware of this issue can trivially build their Rust applications inside of a container, and use a pseudonymous username to minimize impact from the issue.

    Yes, they can do this.

    But, they should not have to, because rustc should never have included these paths into the binary in the first place.

  • (Score: 2) by Rich on Wednesday April 07 2021, @03:46PM (8 children)

    by Rich (945) on Wednesday April 07 2021, @03:46PM (#1134314) Journal

    GCC does that too, and GDB expects absolute paths to find the sources to debug. I've never seen that as security risk, but as annoyance when building on a workstation to an embedded target system. It probably can be bent somehow, but it was never that bad that I figured out how to. The pervasiveness of absolute paths also prevents the common Linux user from having nice application bundles like on the Mac. (There once was a distro that had such bundles, but even those could only ever be located in the application directory because of that)

    I suppose the origin of all that is right at Stallman, who wanted to cancel all software that wouldn't conform exactly to his idea of freedom, which meant using his shitty build system to build from (movable) source into one final location. He saw it as a threat to his ideas if gcc output could be used in any further ways (he also vetoed a proposed ANSI-C backend for gcc that some people wanted to do).

    As a sidenote, nothing against the Free Software movement, but maybe we should insist it being initiated by "Moglen/Stallman". As with "Mate/XOrg/GNU/Linux", never use "Stallman" alone, always use "Moglen/Stallman" for proper attribution, because Eben Moglen wrote the GPL in the first place :)

    • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @04:11PM (1 child)

      by Anonymous Coward on Wednesday April 07 2021, @04:11PM (#1134332)

      GCC has supported project-root relative paths for many years because it makes the debug files portable between machines. LLVM, which Rust is built on, also supports this but Rust isn't even offering the option. The bigger issue is that Rust is including debug information in production builds, which is poor form.

      • (Score: 2) by Rich on Wednesday April 07 2021, @05:15PM

        by Rich (945) on Wednesday April 07 2021, @05:15PM (#1134350) Journal

        It was many years ago when I came across those troubles, and I guessed they have some options for this now. Yet it's still options that need juggling; way more difficult to handle than with last century's CodeWarrior, which would always have the right debug file. Rather than messing with gcc's build systems I prefer to run and debug the target code on the development machine linked to the hardware backend or a simulation thereof and only cross compile for deployment.

        Also, by now, I don't think it is bad form to leave debug info in production builds. That's the only reasonable way to get usable feedback from those that manage to figure out ways of mishandling the software in ways neither you, nor even an army of testers would have ever thought of. Mac software usually crashes with a full stack crawl in the "Crash Reporter" window, getting it fixed is technically just copypasting this info into an e-mail away. Good thing, IMO.

    • (Score: 2) by pe1rxq on Wednesday April 07 2021, @04:13PM

      by pe1rxq (844) on Wednesday April 07 2021, @04:13PM (#1134334) Homepage

      But gcc has command line options to change the prefix to whatever you want.
      If you want a deterministic and privacy friendly build, gcc will do it.

    • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @05:11PM (4 children)

      by Anonymous Coward on Wednesday April 07 2021, @05:11PM (#1134349)

      GCC does that too

      (Looking into a stripped binary just compiled from C source) NO it does NOT.

      Did you miss the "such information being included not just in debug builds but their production Rust builds as well" in TFA, or what?

      • (Score: 2) by Rich on Wednesday April 07 2021, @05:33PM (3 children)

        by Rich (945) on Wednesday April 07 2021, @05:33PM (#1134358) Journal

        Well, if it's stripped, it's stripped, inni? Which brings us to the question whether strip would work on rust compiled ELFs?!

        • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @09:29PM (1 child)

          by Anonymous Coward on Wednesday April 07 2021, @09:29PM (#1134454)

          Those who reported the problem, state that the paths are compiled in.

          • (Score: 0) by Anonymous Coward on Thursday April 08 2021, @06:13AM

            by Anonymous Coward on Thursday April 08 2021, @06:13AM (#1134691)

            That's probably exactly what is happening: The offending paths are in compiler generated exception error messages. That should be handled through the standard methods for reporting tracebacks, but it seems that Rust doesn't follow those standards.

        • (Score: 1) by The Mighty Buzzard on Thursday April 08 2021, @02:20AM

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Thursday April 08 2021, @02:20AM (#1134595) Homepage Journal

          Works quite a lot, yes. A quick check with /usr/bin/strings says it most certainly does not remove the project paths though.

          --
          My rights don't end where your fear begins.
  • (Score: 3, Interesting) by vali.magni on Wednesday April 07 2021, @05:00PM (10 children)

    by vali.magni (5678) on Wednesday April 07 2021, @05:00PM (#1134346)

    I'm on the fence about Rust. It's an interesting language, but I'm not sold. The learning curve is steep. Modern C++ can do a lot of things that Rust can. C++ comes with battle tested frameworks and algorithms, together with excellent tooling, profiling and integration.

    I attempted learning and using Rust for about 6 months on some side projects, but Golang and plain old C++ did the job more easily with code that's easier to read and maintain.

    Do others here see any killer uses for Rust where no other language will do?

    • (Score: 2) by hendrikboom on Wednesday April 07 2021, @09:29PM (8 children)

      by hendrikboom (1125) Subscriber Badge on Wednesday April 07 2021, @09:29PM (#1134455) Homepage Journal

      The only advantage Rust has over Go as far as I can see is the absence of garbage collection pauses. There are few applications for which garbage collection pauses are a problem.

      • (Score: 0) by Anonymous Coward on Wednesday April 07 2021, @11:49PM

        by Anonymous Coward on Wednesday April 07 2021, @11:49PM (#1134522)

        Anything real-time or memory constrained can't use tracing collection. TC requires at least 4x the memory to get those pauses down to a reasonable level. Even reference counting is preferable in most cases and even those few exceptions tend to work better with a hybrid approach. Note that Rust also started with a tracing collector but then moved to reference counting and then to their current system due to the performance increases they got from each switch.

      • (Score: 2) by istartedi on Thursday April 08 2021, @12:58AM (6 children)

        by istartedi (123) on Thursday April 08 2021, @12:58AM (#1134560) Journal

        The big advantage of Rust isn't that. It's the "safe by default" approach. You have to explicitly do dangerous things, and most programs don't need to use unsafe constructs.

        Understanding how safety works in Rust is one big hurdle you have to leap, along with a syntax that has some heritage from the ML family of languages and is thus not everybody's cup of tea. I myself haven't leapt in to it. Yes. I love Rust though. I love the fact that other people are using it. :)

        --
        Appended to the end of comments you post. Max: 120 chars.
        • (Score: 0) by Anonymous Coward on Thursday April 08 2021, @02:15AM (4 children)

          by Anonymous Coward on Thursday April 08 2021, @02:15AM (#1134591)

          This comment points to my least favorite thing about Rust. Rust insisted on using the idea of safe/unsafe and branding as "safe by default." There are plenty of dangerous things you can do in "safe" mode that includes memory bugs. But what happens is that a number of people don't know the nuances of what is and isn't safe so then they have a false sense of security because they aren't coding "unsafe."

          • (Score: 1) by The Mighty Buzzard on Thursday April 08 2021, @03:14AM (1 child)

            by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Thursday April 08 2021, @03:14AM (#1134618) Homepage Journal

            It's not perfect but it really is quite good at keeping a noob from the majority of ways to completely fuck the dog memory-safety-wise.

            --
            My rights don't end where your fear begins.
            • (Score: 0) by Anonymous Coward on Thursday April 08 2021, @10:21AM

              by Anonymous Coward on Thursday April 08 2021, @10:21AM (#1134721)

              Of course not, and we don't disagree on that. But the problem is that a number of evangelize it as being perfect or give its limits unclearly and, as a result, a number of people accept that and believe to be perfect or with misunderstandings as to its limits. They love it because it is the most perfect language in its class because of that. Ironically, this leads to so much hate because you end up with people butting heads and talking past each other on its main differentiator from similar languages, which just breeds frustration that is then imputed on the language and the supporters efforts to improve it just make the situation worse because of their bad messaging.

          • (Score: 0) by Anonymous Coward on Friday April 09 2021, @06:20AM (1 child)

            by Anonymous Coward on Friday April 09 2021, @06:20AM (#1135225)

            The only possible memory bug in safe mode is a lost cycle.

            • (Score: 0) by Anonymous Coward on Friday April 09 2021, @08:00AM

              by Anonymous Coward on Friday April 09 2021, @08:00AM (#1135233)

              Keep telling yourself that. [github.com] And those are just the violations of the memory guarantees they attempt to provide that they know of and not the memory bugs that they don't know or that fall outside of said guarantees.

        • (Score: 2) by hendrikboom on Saturday April 10 2021, @09:19PM

          by hendrikboom (1125) Subscriber Badge on Saturday April 10 2021, @09:19PM (#1135813) Homepage Journal

          There have been older languages that are safe by default Modula 3, for example, has been around for decades. What distinguished Rust is that it does it without garbage collection pauses.

          -- hendrik

    • (Score: 1) by The Mighty Buzzard on Thursday April 08 2021, @02:25AM

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Thursday April 08 2021, @02:25AM (#1134597) Homepage Journal

      The learning curve isn't really all that steep, there are only a few very atypical but important things you really have to get your head around and then it's just code like any other code. Get lifetimes and ownership squared away in your head and you'll have it down well enough to code it professionally. Assuming you're already capable of coding something else professionally, that is.

      --
      My rights don't end where your fear begins.
  • (Score: 0) by Anonymous Coward on Thursday April 08 2021, @05:56AM

    by Anonymous Coward on Thursday April 08 2021, @05:56AM (#1134681)

    These absolute path names revealed the developer's system username and the overall structure of directories, including the home directory."

    Does rust force you to put stuff in your home directory? I normally don't put such stuff in my home directory.

    I doubt most developers share their development boxes with other people nowadays. So if you're not one of the unlucky people incapable of doing it, just put the stuff elsewhere: /opt/src/rust, /work/rust or whatever. I don't care if potential attackers know these abs paths.

(1)