The bug used by that repository [1] isn't the only one that can be used to escape the Safe Rust type system. There are a couple others I've tried [2] [3], and the Rust issue tracker currently lists 92 unsoundness bugs (though only some of them are general-purpose escapes), and that's only the ones we know about.These bugs are not really a problem in practice though as long as the developer is not malicious. However, they are a problem for supply chain security or any case where the Rust source is fully untrusted.
[1]: https://github.com/rust-lang/rust/issues/25860
[2]: https://github.com/rust-lang/rust/issues/57893
[3]: https://github.com/rust-lang/rust/issues/133361
No comments yet.