To some extent, yes. I'm not familiar enough with Rust's lint modes to say much more than that. I'm going to try using Rust for a while before giving a more detailed proposal.
However, I will give a more concrete example, now that I know slightly more.

In servo.rc (in the Servo project), there's a line like this:

    extern mod stb_image;

I want to be able to write it something like this:

    extern mod rust-jpeg ( nogc, safe );

Doing so should ensure that the library cannot do GC or anything directly or indirectly unsafe (alternatively, it should import the version that was compiled that way). Then, the Servo project can be sure that rust-jpeg cannot perform any unsafe operations (or GC), without manual audits of its imports or code. It essentially removes the JPEG library from the TCB (trusted computing base) of Servo. Carefully applied, it would make Servo much more secure against maliciousness via supporting libraries.

The important thing, to my mind, is that I don't have to audit the rust-jpeg library at all, and the worst it can do (probably) is a denial of service.

If this became standard practice for Rust code, it would be a systems language in which it's feasible to easily include relatively untrusted third-party libraries, securely, and interact with them naturally. I think there's a lot of mileage in that.

Grant.

On Thu, Apr 4, 2013 at 10:39 PM, Niko Matsakis <[email protected]> wrote:
> It sounds to me like you're talking about something similar to the current
> lint modes for GC etc?
>
> Niko
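An added illustration, not part of the thread above, of the "safe" half of the proposal using the mechanism Rust actually ships: the `unsafe_code` lint, set to `forbid` on the module that plays the role of the untrusted JPEG library. The `extern mod rust-jpeg ( nogc, safe )` syntax was only a proposal and the example does not use it; the `jpeg_probe` module, its functions and the JPEG header bytes are all constructed here for the example. With the lint in force, the module cannot compile if anyone adds an `unsafe` block, so the worst a malformed input can do is make it return an error, which is the denial-of-service-only failure mode the message argues for.

```rust
// Added example, not code from the rust-dev thread or from Servo/rust-jpeg.
// `forbid` (unlike `deny`) cannot be overridden by an `#[allow]` deeper in
// the module, so the guarantee holds for everything written inside it.
#[forbid(unsafe_code)]
pub mod jpeg_probe {
    /// Image dimensions read from a baseline JPEG frame header (SOF0).
    #[derive(Debug, PartialEq, Eq)]
    pub struct Dimensions {
        pub width: u16,
        pub height: u16,
    }

    #[derive(Debug, PartialEq, Eq)]
    pub enum ProbeError {
        NotJpeg,
        Truncated,
        NoFrameHeader,
    }

    /// Walk the JPEG marker segments and return the dimensions from the first
    /// SOF0 segment. Every access goes through bounds-checked slicing, so a
    /// hostile length field can only produce an `Err`, never an out-of-bounds
    /// read. Each loop iteration advances `pos` by at least two bytes, so the
    /// walk always terminates on finite input.
    pub fn dimensions(data: &[u8]) -> Result<Dimensions, ProbeError> {
        // The stream must open with the SOI marker FF D8.
        if data.len() < 2 || data[0] != 0xFF || data[1] != 0xD8 {
            return Err(ProbeError::NotJpeg);
        }
        let mut pos = 2usize;
        loop {
            // Each segment starts with 0xFF followed by the marker byte.
            let marker = match data.get(pos..pos + 2) {
                Some([0xFF, m]) => *m,
                Some(_) => return Err(ProbeError::NotJpeg),
                None => return Err(ProbeError::Truncated),
            };
            pos += 2;
            match marker {
                0xD9 => return Err(ProbeError::NoFrameHeader), // EOI: no SOF0 seen
                0xD0..=0xD7 | 0x01 => continue,                // RSTn / TEM carry no length
                _ => {}
            }
            // Big-endian segment length; it counts the two length bytes themselves.
            let len = match data.get(pos..pos + 2) {
                Some([hi, lo]) => u16::from_be_bytes([*hi, *lo]) as usize,
                _ => return Err(ProbeError::Truncated),
            };
            if len < 2 {
                return Err(ProbeError::NotJpeg);
            }
            if marker == 0xC0 {
                // SOF0 payload: precision(1) height(2) width(2) components...
                let body = data.get(pos + 2..pos + len).ok_or(ProbeError::Truncated)?;
                if body.len() < 5 {
                    return Err(ProbeError::Truncated);
                }
                let height = u16::from_be_bytes([body[1], body[2]]);
                let width = u16::from_be_bytes([body[3], body[4]]);
                return Ok(Dimensions { width, height });
            }
            // Skip the segment. A length that overshoots the buffer is caught
            // by the `get` at the top of the next iteration.
            pos = pos.checked_add(len).ok_or(ProbeError::Truncated)?;
        }
    }
}

/// Constructed sample: SOI, a tiny APP0 segment, then an SOF0 declaring a
/// 128x256, 8-bit, single-component image. Not a real JPEG file.
pub fn sample_jpeg_header() -> Vec<u8> {
    let mut v = vec![0xFF, 0xD8]; // SOI
    v.extend_from_slice(&[0xFF, 0xE0, 0x00, 0x04, 0x4A, 0x46]); // APP0, length 4
    v.extend_from_slice(&[
        0xFF, 0xC0, 0x00, 0x0B, // SOF0, length 11
        0x08, // precision
        0x01, 0x00, // height 256
        0x00, 0x80, // width 128
        0x01, 0x01, 0x11, 0x00, // 1 component: id 1, sampling 1x1, qtable 0
    ]);
    v
}

fn main() {
    println!("{:?}", jpeg_probe::dimensions(&sample_jpeg_header()));
    // A segment claiming 65535 bytes in a 6-byte buffer: an error, not a crash.
    println!("{:?}", jpeg_probe::dimensions(&[0xFF, 0xD8, 0xFF, 0xE0, 0xFF, 0xFF]));
}
```

Two caveats a reviewer would add. The lint covers only the annotated scope: it says nothing about what the module's own dependencies do, so the guarantee has to be applied per crate (or checked with tooling) rather than inherited through the import graph, which is the gap the proposed `( safe )` annotation on the `extern mod` line was meant to close. And "safe" here means memory safety and no undefined behaviour; safe Rust can still allocate without bound, loop forever or panic, which is the denial-of-service residue the message allows for.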
_______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
