It's not really the same issue: trusting trust is about the compiler changing the code it's compiling (including changing a compiler it's compiling to continue having this behavior), whereas the Rust thing is that macros can execute arbitrary Rust including networking code. The Rust problem is equivalent to putting arbitrary code in your makefile. It's something that you could sandbox and disallow (say, by running the compiler in a container). Whereas trusting trust is very hard to detect because the compiler's output binary is what's been compromised and you can't easily tell.

On Sat, May 15, 2021 at 3:24 PM Herb Sutter via SG7 <> wrote:

Below, I emailed the “Trusting Trust” reference during our SG7 session on Circle in Prague, because SG7 was in the middle of discussing concerns about Circle’s approach of linking arbitrary libraries and executing them at compile time.


Since yesterday, I noticed the following tweets about Rust…


Tony “Abolish ICE” Arcieri 🦀 on Twitter: "Exfiltrating secrets with @rustlang macros: leveraging macro expansion in IDEs to exfiltrate secrets without compiling the code or even opening a file" / Twitter


Ralf (RPW) on Twitter: "„Open innocent_app in VSCode*, and the contents of your .ssh/id_rsa file will be sent over TCP to localhost:8080. You don't even need to open any files in the project!“" / Twitter


Björk on Twitter: "@hankadusikova ... Wait, what? You can do compile-time I/O (networking) in Rust, or is this because of plugins executing arbitrary code?" / Twitter


David "Bear Feeder" Pollak🐈 on Twitter: "Oh crap! This will be 2021’s side channel attack… guess we have to run our compilers in containers with no network access…" / Twitter


This sounds a lot like the same issue… is it?


(Ah, I just saw Hana’s tweet before hitting Send – yup, sounds like it is the same issue, thank you Hana.)




From: Herb Sutter
Sent: Thursday, February 13, 2020 7:59 AM
Subject: Thompson Turing lecture



As we we think about extensible compilers and JITs, this is a classic paper worth remembering about supply chain issues with just ordinary closed compilers.




SG7 mailing list