-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable --remap-path-prefix for absolute paths by default #40552
Comments
We may need to record path mappings in a file if we also want to process paths in debug information. |
Seems like we now have a working and stable solution. Closed. |
So what's the current solution to not include the path in the exe (when building with cargo)? |
Try something like |
Can we reopen this to track having rustc do this by default? You shouldn't have to know both that rustc does this and this obscure mechanism for changing it to protect privacy. It should just do it. |
I think this would need an RFC to come up with a solid solution that doesn't break debugging (which relies on these paths being contained in debuginfo). cc @rust-lang/core |
@michaelwoerister But it should be stripped automatically from --release builds! |
An RFC would need to cover both debug and release builds. |
@michaelwoerister this didnt work for me and a username and full path was still present. and yes i also used the if it helps you including user ids like this violates gdpr https://gdpr.eu/eu-gdpr-personal-data/ so this should be addressed by the rust team. in 2020 people care about privacy and this can be a put off like rust-lang/mdBook#847 where people actively worked away from the project due to the disrespect of user privacy |
To be honest, I expected that release binaries do not contain information like this. Would this be an option to cut the string in these cases? |
not sure if part of the message got dropped. what is the option you are suggesting? the provided RUSTFLAGS dont actually work. it seems the rust team thinks this is acceptable for release binaries for some reason. perhaps more attention on the issue may help given the push for privacy in 2020 unrelated but this also causes an issue with reproducible builds since the strings and usernames will differ from person to person |
It seems to me that two different people building two identical programs with identical build args on different (but same-architecture) systems should receive the same output binary regardless of the name in I'm not going to weigh in on the privacy issue (I think that if you're privacy conscious, This probably means stripping any mention of local environment, build time, and file paths before the root/prefix of the build. |
I really enjoy using Rust for personal side projects. It made me a better C++ developer. I'm excited about stabilized const generics to be able to speed up my linear algebra code. |
I think this might be more of an issue for the @rust-lang/core team rather than the @rust-lang/compiler team to discuss. |
This comment has been minimized.
This comment has been minimized.
@unpavedmop The Rust developers only have so much time and a large portion of the user base either don't care or work around it by building release artifacts in Docker containers or on a CI service, so they (rightly) conclude that, barring more contributors showing up, it's more important to work on things that don't have such a simple workaround. (For example, the long-awaited |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
came to report tthe same
this didnt work for me, user still in binary, and not flexible to use wildcard for src path
+1 |
I was linked this issue from Reddit, and I got interested as personally having good privacy-preserving defaults is important to me. I spoke informally with some colleagues, and it sounds like:
Some specific thoughts on what should be in such an RFC:
Personally, I think this is important and should be addressed quickly, but I'm not in a position at the moment to follow up and make this happen. I hope someone else can pick this up. |
As suggested, I filed an issue about Quick summary: It replaces Another issue not strictly to do with |
@rust-lang/core & @rust-lang/compiler any chance of official comment on this? seems here and in reddit there is significant user interested in it being fixed. workarounds dont work, and using ci is not a solution as same issue is present there, even if different user name @alercah also suggest rust team input on this which is absent. i dont think its reasonable to force community to fix this as many wont have nessesary compiler knowledge to do so. some maybe even new to rust and want to see a fix but cant help due to skills lacking |
This is a significant footgun for those just learning Rust, without extensive technical backgrounds. Windows explicitly prompts you to use your real name as your username, and includes that as part of your path, so it's a reasonable expectation that newer users of Rust will have a username containing personal information. Rust tutorializes users to build on their own machine by opening a terminal window and typing "cargo build". Doing these two things as-directed will create an unsafe binary by default -- safe code maybe, but not a safe user. If Rust intends to be a welcome and inviting first-language, something core to the Rust book and community, expecting them to protect themselves by pouring over docs and github issues and rfcs to find |
@recatek If you think symbols should be omitted by default, I'd recommend opening an RFC (see the instructions in https://github.com/rust-lang/rfcs/#readme). It should address at least the following drawbacks:
I'm not a member of the compiler or core teams, but I'd speculate the reason they haven't made an RFC is because they aren't stakeholders: their names are already public, so this feature doesn't help them. It would be great to have the RFC come from someone who plans to use this feature, not from a team member on behalf of someone else. |
you miss his point. how can you expect new rust people to know about rfc or arcane options that dont work right. someone new cant rfc since they cant include how to fix due to not knowing rust or compiler. there is too much expectation here for new people to fix a compiler when they likely dont have knowledge or skill to do so. this should be default, or easier to find/use like |
@chemsaf3 This issue is really about changing the default. If you want |
@sanxiyn i think default for |
From this, I get the impression there's been a miscommunication. An RFC is the formal way to request a change to Rust, so there's no reason new people should need to know about it, any more than with any other RFC got accepted and resulted in a change to the compiler. @jyn514 is just saying that the request should be written by someone who knows what matters most to them, rather than a team member who's just guessing. |
I'm going to close this in favor of the tracking issue for the merged RFC: #111540 |
According to #40374 , a part of private information is leaked by the path string living in the compiled binaries. To protect privacy and help debugging, I think we can let rustc to mangle the path. Here is my solution:
Basically, we can hide the 'insignificant' part of the path (which usually contains some private and/or unrelated info), leave 'significant' part untouched. Then what is the 'significant' part of a path? Here is an example: Assume that we have a project
foobar
which is in user's home directory (here I use a windows path, on *nix things work similarly):In this case, the useful part is the crate name and the part after the crate name, i.e.
Assuming we have a mod called 'somemod', then after mangling, the new path looks like:
which not only saves the relatitionship information between sources files, but also protects the privacy of the user (since no more user name or aboslute path exists) !
The next question is how to process all paths under this rule. From what I know, all compiled code of a crate comes from 4 sources:
We could specify different root names for these sources to indicate their origin:
[crates.io]
. Example:C:\Users\username\.cargo\registry\src\git.luolix.top-1ecc6299db9ec823\winapi-0.2.8\
will be mangled to[crate.io]\winapi-0.2.8\
[username@git server name]
. Example:https://github.com/rust-lang/rust
will be manged to[rust-lang@github.com]/rust
[local]
. Example:D:\workspaces\foobarng\
will be mangled to[local]\foobarng\
crate
. Example:C:\Users\username\Documents\foobar\
will be mangled to[crate]\foobar\
And for helping debuggers, all paths in debugging information won't be modified. Thus, users still know where the debugging code is, and won't worry about leaking privacy (just need stripping out debugging information before packaging on *nix, or not distributing .pdb files on windows).
The text was updated successfully, but these errors were encountered: