this post was submitted on 03 Aug 2023
4 points (100.0% liked)

Rust: News

14 readers
1 users here now

Rules [Developing]

founded 1 year ago
MODERATORS
 

The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here