[privacy/compile-time]: Building rust/cargo projects may leak the compiler's pc username as full homedir paths are getting compiled in - even in the release (and striped) binaries. (the user supposedly distributes these binaries) Is this intended for some reason?

This page summarizes the projects mentioned and recommended in the original post on /r/rust

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
  • Cargo

    The Rust package manager

    On Linux I created a fresh user 'johndoe', and I cloned and built the 'cargo' crate with the followings: $ rustup toolchain install stable $ git clone https://github.com/rust-lang/cargo.git $ cd ./cargo $ cargo build --release $ xxd -c 48 ./target/release/cargo | grep --color $USER You can see the output on the attached picture below. Many '/home/johndoe/...' paths are getting hardcoded in the release build.

  • rust

    Empowering everyone to build reliable and efficient software.

    It's a known behavior, that also exists in many compiled languages, and can the desired behavior in some contexts. Follow the issues mentioned in that first one to read about some mitigation efforts. In the meantime, use a CI or a local VM if you want to distribute anonymized binaries.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • rfcs

    RFCs for changes to Rust

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts