Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Truth is, if you want to protect yourself, you need to build in a VM, AND run the binary in a VM. Regardless of the language, that's not specific to Rust.

I have been in the practice of running build scripts/package installers in a container for projects that I don't explicitly trust for a while now. I wish more people saw the value in doing so.

I used to build everything in my homedir as well until about 6-7 years ago when there was a big outbreak of malware scripts on NPM. Quickly realized the folly of running so much untrusted code with the same privileges that I use to do everything short of administrating my machine.



This protects your machine but not necessarily the resulting binary code. Nothing prevents the malware from patching the source before building and removing the patch before the end, resulting in a binary and a package that contain code that doesn't match your trusted sources.

As a general rule, it must always be possible to build without network access, otherwise you're having a big trust problem. And once you know you're having all your dependencies, only then you can think about sandboxing all this stuff after having carefully studied it.


In many (but not all) Linux package distributions, malware is filtered out by maintainers. In other package distributions, maintainers are omitted, because «it's too hard». Instead, everybody protects it's own system alone.

Even if your ssh-key will not be stolen when project is built, it still can happen when malware will be shipped to your client. How you protect your client?


Please remember that by default running in a container (docker) is not secure. Unfortunately you need to invest some time and brainpower to improve security.


For what reasons specifically? Namespaces not being good enough (if the malware is more complex and tries to exploit the kernel)?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: