Privacy Concerns Sparked by Rust Programming Language

According to StackOverflow’s 2020 developer survey, Rust has taken the top spot as the most loved programming language.


Nevertheless, for the past five years, developers have been concerned by their production builds leaking potentially sensitive debug information, writes Ax Sharma.


Back in 2017, a Rust developer posted an issue on the Rust lang’s GitHub asking, “How can I stop rustc [from] including system specific information such as absolute file paths of the source it’s compiled from in the binaries it generates?”


The developer shared some examples of paths retained in their production builds:





These path names revealed the developer’s system username and the overall structure of directories, including the home directory.
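A defender-side check for the leak described above, as an added example that is not from the article or the Rust project: it scans a compiled binary for `.rs` source paths under a home directory and reports the username component. The function names, the prefix list and the cut-at-first-`.rs` heuristic are assumptions of this example.

```rust
// Added example: find embedded source paths that expose a build user's home directory.
use std::{env, fs, process};

/// Home-directory prefixes whose next path component is a username (assumed list).
const HOME_PREFIXES: [&str; 3] = ["/home/", "/Users/", "C:\\Users\\"];

fn is_printable(b: u8) -> bool {
    (0x20..=0x7e).contains(&b)
}

/// Returns sorted, de-duplicated (username, path) pairs found in `data`.
pub fn find_leaked_paths(data: &[u8]) -> Vec<(String, String)> {
    let mut hits = Vec::new();
    for prefix in HOME_PREFIXES.iter() {
        let sep = if prefix.starts_with('C') { '\\' } else { '/' };
        let mut i = 0;
        while i + prefix.len() <= data.len() {
            if !data[i..].starts_with(prefix.as_bytes()) {
                i += 1;
                continue;
            }
            // Embedded strings are often not NUL-terminated and run into the
            // next message, so cut at the first ".rs" instead of the run's end.
            let end = data[i..].iter().position(|&b| !is_printable(b)).map_or(data.len(), |n| i + n);
            let run = std::str::from_utf8(&data[i..end]).unwrap_or("");
            match run.find(".rs") {
                Some(pos) => {
                    let path = &run[..pos + 3];
                    let user = path[prefix.len()..].split(sep).next().unwrap_or("");
                    hits.push((user.to_string(), path.to_string()));
                    i += path.len();
                }
                None => i = end,
            }
        }
    }
    hits.sort();
    hits.dedup();
    hits
}

fn main() {
    let file = env::args().nth(1).unwrap_or_else(|| {
        eprintln!("usage: leakscan <binary>");
        process::exit(2);
    });
    let hits = find_leaked_paths(&fs::read(&file).expect("cannot read file"));
    for (user, path) in &hits {
        println!("user={} path={}", user, path);
    }
    process::exit(if hits.is_empty() { 0 } else { 1 }); // non-zero exit fails a CI step
}
```

Run against a release artifact as a build gate; an empty result only means no path matched these prefixes, not that the binary carries no build metadata.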


While the “leak” of usernames and absolute paths may seem trivial to a reader, over the years, several developers noticed such information being included not just in debug builds but in their production Rust builds as well:


Because the Rust project did not fix this issue at the time, community members proposed workarounds such as using the “abort upon panic” option, but unfortunately, none of these worked.


In August 2020, developer Dmitry Zakablukov stated:



I have found that if a library contains code that may panic (slices, unwraps, etc.), then the filename of such a source file will be included in the binary. A release build doesn’t change this behavior, and neither does stripping debug symbols. I have tried to turn o ..
