Rust Programming Language Raises Privacy Concerns
Rust Developers Have Repeatedly Raised Concerns About an Unsolved Privacy Issue from 2017.
According to StackOverflow’s 2020 developer survey, Rust has taken the top spot as the most loved programming language.
Nevertheless, for the past five years, developers have been concerned by their production builds leaking potentially sensitive debug information, writes security researcher Ax Sharma.
Back in 2017, a Rust developer posted an issue on the Rust lang’s GitHub asking, “How can I stop rustc [from] including system specific information such as absolute file paths of the source it’s compiled from in the binaries it generates?”
The developer shared some examples of paths retained in their production builds:
These path names revealed the developer’s system username and the overall structure of directories, including the home directory.
While the “leak” of usernames and absolute paths may seem trivial to a reader, over the years, several developers noticed such information being included not just in debug builds but their production Rust builds as well:
Because Rust project did not fix this issue at that time, workarounds such as using the “abort upon panic” option were proposed by the community members, but unfortunately, none of these worked.
In August 2020, developer Dmitry Zakablukov stated:
I have found, that if a library contains code that may panic (slices, unwraps, etc.), then a filename of such source file will be included in a binary. Release build doesn’t change this behavior, neither debug symbols stripping do. I have tried to turn on “abort” for panic in release profile. Even though this resulted in a smaller binary size, it doesn’t wipe out source file names from the binary.
Other suggested workarounds included varying parameters like system time, username, time zone, locale, hostname, etc.
Regardless of being a privacy risk, the unpremeditated inclusion of metadata such as absolute paths may help computer forensics experts and law enforcement since the path could reveal system usernames.
This week, a developer posted another issue titled “Registry paths hard coded in binary” on the Rust project’s GitHub centering attention back towards this problem:
Hardcoded paths in binary with username and fs paths. bloats binary, prevent reproducibility, and violates privacy. Even in release mode.
Strip command does not properly remove everything too.
The developer also stated that it remains unknown how many developers using Rust are unaware that their applications are revealing their system paths and usernames.
According to Sharma, the developer’s main concern was that Rust is becoming more and more popular, so this can start affecting a larger number of developers. What’s more, this behavior is not documented, and there isn’t a way to prevent the leakage.
For the moments, how or when the Rust team plans on resolving this issue is an unknown matter, but the increased pressure from the developer community seems to be driving Rust maintainers towards a working direction.
It’s sad that no one seems to care about this issue. What’s happened a year on? What’s happened when you’ve tried to tell people about this?