From 63e083122cefbc2eff2f420a67946e4c6d4baf16 Mon Sep 17 00:00:00 2001 From: Aleksey Kladov Date: Mon, 22 Mar 2021 13:53:00 +0300 Subject: Document our security stance changelog: feature --- docs/user/manual.adoc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/user/manual.adoc b/docs/user/manual.adoc index dba2197de..9305d9d1a 100644 --- a/docs/user/manual.adoc +++ b/docs/user/manual.adoc @@ -516,6 +516,20 @@ See https://github.com/rust-analyzer/rust-project.json-example for a small examp You can set `RA_LOG` environmental variable to `rust_analyzer=info` to inspect how rust-analyzer handles config and project loading. +== Security + +At the moment, rust-analyzer assumes that all code is trusted. +Here is a **no-exhaustive** list of ways to make rust-analyzer execute arbitrary code: + +* proc macros and build scripts are executed by default +* `.cargo/config` can override `rustc` with an arbitrary executable +* VS Code plugin reads configuration from project directory, and that can be used to override paths to various executables, like `rustfmt` or `rust-analyzer` itself. +* rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety. + +rust-analyzer itself doesn't access the network. +VS Code plugin doesn't access the network unless the nightly channel is selected in the settings. +In that case, the plugin uses GitHub API to check for and download updates. + == Features include::./generated_features.adoc[] -- cgit v1.2.3 From 2b427fa3dd49efd2bf22620cd0bebffc6147be47 Mon Sep 17 00:00:00 2001 From: Aleksey Kladov Date: Mon, 22 Mar 2021 13:55:16 +0300 Subject: Update docs/user/manual.adoc Co-authored-by: bjorn3 --- docs/user/manual.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user/manual.adoc b/docs/user/manual.adoc index 9305d9d1a..44f388930 100644 --- a/docs/user/manual.adoc +++ b/docs/user/manual.adoc 
@@ -519,7 +519,7 @@ You can set `RA_LOG` environmental variable to `rust_analyzer=info` to inspect h == Security At the moment, rust-analyzer assumes that all code is trusted. -Here is a **no-exhaustive** list of ways to make rust-analyzer execute arbitrary code: +Here is a **non-exhaustive** list of ways to make rust-analyzer execute arbitrary code: * proc macros and build scripts are executed by default * `.cargo/config` can override `rustc` with an arbitrary executable -- cgit v1.2.3 From 2469af301780763cfcba728f275021da1ad42544 Mon Sep 17 00:00:00 2001 From: Aleksey Kladov Date: Mon, 22 Mar 2021 13:56:13 +0300 Subject: Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Laurențiu Nicola --- docs/user/manual.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/user/manual.adoc b/docs/user/manual.adoc index 44f388930..8656dd1da 100644 --- a/docs/user/manual.adoc +++ b/docs/user/manual.adoc @@ -527,8 +527,8 @@ Here is a **non-exhaustive** list of ways to make rust-analyzer execute arbitrar * rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety. rust-analyzer itself doesn't access the network. -VS Code plugin doesn't access the network unless the nightly channel is selected in the settings. -In that case, the plugin uses GitHub API to check for and download updates. +The VS Code plugin doesn't access the network unless the nightly channel is selected in the settings. +In that case, the plugin uses the GitHub API to check for and download updates. == Features -- cgit v1.2.3
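Review bot: In the first patch (hunk `@@ -516,6 +516,20 @@`), the bullet "proc macros and build scripts are executed by default" implies the behaviour can be switched off, but the new `== Security` section never says how. Either name the settings that disable it or drop "by default". Since the section opens with "rust-analyzer assumes that all code is trusted", it would also help to state the practical consequence in one sentence: opening a project in the editor is enough to run code from that project, so untrusted checkouts should be treated accordingly. Minor style point in the same list: the third bullet ends with a period while the other three do not.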
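Review bot: The article fix in the third patch (hunk `@@ -527,8 +527,8 @@`) touches only the network paragraph, so the list item added in the first patch, "VS Code plugin reads configuration from project directory", is left without "The" and "the project directory"; fix it in the same pass so the section reads consistently. On content, the changed line "the plugin uses the GitHub API to check for and download updates" does not say whether a downloaded update is verified before it is installed. For a section that documents the security stance, a sentence on that would be worth adding.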