Exfiltrating secrets with macros: leveraging macro expansion in IDEs to exfiltrate secrets without compiling the code or even opening a file
Every time something like this happens with proc macros I’m reminded of dtolnay’s `watt`, which executes proc macros inside of a WASM sandbox:
I don't know why people focus so much on proc macros and build scripts as the problem here. If you don't want arbitrary code to run when you open your editor, don't configure your editor to run build scripts and proc macros when you open it.
rust-analyzer should ask for permission per crate before running them and allow you to quickly open the corresponding crate if you're so inclined. Allowing a crate version could be shared amongst all projects so you don't have to allow it again.
On updates the default should be to ask again, with an option to "trust all versions".
Longer term, what I want to see is const fn based proc-macros. Those should cover 80% of cases and the other 20% is a smaller surface to audit.
I was thinking some sort of capability based model might be nice for this kind of thing? Not sure how easy it would be to retrofit though :( github.com/bytecodeallian



