[privacy/compile-time]: Building rust/cargo projects may leak the compiler's pc username as full homedir paths are getting compiled in - even in the release (and striped) binaries. (the user supposedly distributes these binaries) Is this intended for some reason?

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/rust

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarQube - Static code analysis for 29 languages.
  • SaaSHub - Software Alternatives and Reviews
  • Cargo

    The Rust package manager

    On Linux I created a fresh user 'johndoe', and I cloned and built the 'cargo' crate with the followings: $ rustup toolchain install stable $ git clone https://github.com/rust-lang/cargo.git $ cd ./cargo $ cargo build --release $ xxd -c 48 ./target/release/cargo | grep --color $USER You can see the output on the attached picture below. Many '/home/johndoe/...' paths are getting hardcoded in the release build.

  • rust

    Empowering everyone to build reliable and efficient software.

    It's a known behavior, that also exists in many compiled languages, and can the desired behavior in some contexts. Follow the issues mentioned in that first one to read about some mitigation efforts. In the meantime, use a CI or a local VM if you want to distribute anonymized binaries.

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • rfcs

    RFCs for changes to Rust

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts