Document our security stance

changelog: feature
author: Aleksey Kladov <[email protected]> 2021-03-22 10:53:00 +0000
committer: Aleksey Kladov <[email protected]> 2021-03-22 10:53:00 +0000
commit: 63e083122cefbc2eff2f420a67946e4c6d4baf16 (patch)
tree: cc071d0d850b25d4112c48145306024719c20e41 /docs/user
parent: 27befe6c7fe064b364182e2ad54825b5e5f9dee3 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/user/manual.adoc b/docs/user/manual.adoc
index dba2197de..9305d9d1a 100644
--- a/docs/user/manual.adoc
+++ b/docs/user/manual.adoc
@@ -516,6 +516,20 @@ See https://github.com/rust-analyzer/rust-project.json-example for a small examp
 You can set `RA_LOG` environmental variable to `rust_analyzer=info` to inspect how rust-analyzer handles config and project loading.
+== Security
+At the moment, rust-analyzer assumes that all code is trusted.
+Here is a **no-exhaustive** list of ways to make rust-analyzer execute arbitrary code:
+* proc macros and build scripts are executed by default
+* `.cargo/config` can override `rustc` with an arbitrary executable
+* VS Code plugin reads configuration from project directory, and that can be used to override paths to various executables, like `rustfmt` or `rust-analyzer` itself.
+* rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety.
+rust-analyzer itself doesn't access the network.
+VS Code plugin doesn't access the network unless the nightly channel is selected in the settings.
+In that case, the plugin uses GitHub API to check for and download updates.
 == Features
 include::./generated_features.adoc[]
author	Aleksey Kladov <[email protected]>	2021-03-22 10:53:00 +0000
committer	Aleksey Kladov <[email protected]>	2021-03-22 10:53:00 +0000
commit	63e083122cefbc2eff2f420a67946e4c6d4baf16 (patch)
tree	cc071d0d850b25d4112c48145306024719c20e41 /docs/user
parent	27befe6c7fe064b364182e2ad54825b5e5f9dee3 (diff)

diff --git a/docs/user/manual.adoc b/docs/user/manual.adoc index dba2197de..9305d9d1a 100644 --- a/docs/user/manual.adoc +++ b/docs/user/manual.adoc
@@ -516,6 +516,20 @@ See https://github.com/rust-analyzer/rust-project.json-example for a small examp
516		516
517	You can set `RA_LOG` environmental variable to `rust_analyzer=info` to inspect how rust-analyzer handles config and project loading.	517	You can set `RA_LOG` environmental variable to `rust_analyzer=info` to inspect how rust-analyzer handles config and project loading.
518		518
		519	== Security
		520
		521	At the moment, rust-analyzer assumes that all code is trusted.
		522	Here is a no-exhaustive list of ways to make rust-analyzer execute arbitrary code:
		523
		524	* proc macros and build scripts are executed by default
		525	* `.cargo/config` can override `rustc` with an arbitrary executable
		526	* VS Code plugin reads configuration from project directory, and that can be used to override paths to various executables, like `rustfmt` or `rust-analyzer` itself.
		527	* rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety.
		528
		529	rust-analyzer itself doesn't access the network.
		530	VS Code plugin doesn't access the network unless the nightly channel is selected in the settings.
		531	In that case, the plugin uses GitHub API to check for and download updates.
		532
519	== Features	533	== Features
520		534
521	include::./generated_features.adoc[]	535	include::./generated_features.adoc[]