
DonnyV | 1 month ago

"Rust is self-hosting: To build a new rustc, you need an existing rustc binary (usually the previous stable release). This creates a chain of trust that goes back to the very first bootstrap (historically from OCaml, but modern versions rely on prior Rust binaries).

If any link in that historical chain was ever compromised the backdoor can live on indefinitely.

Unlike C/C++ (which has diverse independent compilers like GCC, Clang, MSVC), Rust has essentially one production compiler (rustc). This makes diverse double-compilation (DDC), the main defense, much harder. DDC involves compiling the compiler source with multiple independent compilers and checking that the outputs match (proving the binary corresponds to the source). With only one mature compiler, you can't easily cross-verify.

There have been public demonstrations of exactly this kind of attack working on Rust (e.g., Manish Goregaokar's "Reflections on Rusting Trust" in 2016)."

https://x.com/lmilsfsd/status/2011920950070046787
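The single-compiler blind spot and the DDC cross-check described in the quoted comment, as an added toy model (not code from the post or from the Rust project): compilers and binaries are simulated objects, and the rule by which a trojaned compiler re-inserts itself when it recognises the compiler's own source is an assumption of the model.

```python
import hashlib
from dataclasses import dataclass

# Toy model (constructed for this example) of a self-hosting compiler's bootstrap.
# A "binary" is just an object recording what source it was built from and
# whether it carries the trusting-trust trojan.
COMPILER_SRC = "fn main() { /* clean compiler source, nothing suspicious */ }"

@dataclass(frozen=True)
class Binary:
    built_from: str   # digest of the source this binary was compiled from
    trojaned: bool    # set only if the compiling compiler injected itself

def compile_src(cc: Binary, src: str) -> Binary:
    """Compile src with compiler cc. An honest compiler's output depends only on src.
    A trojaned compiler recognises the compiler's own source and re-inserts the
    trojan, so the backdoor survives even though src is clean (assumed rule)."""
    digest = hashlib.sha256(src.encode()).hexdigest()[:16]
    injects = cc.trojaned and src == COMPILER_SRC
    return Binary(built_from=digest, trojaned=injects)

def self_rebuild_check(cc: Binary, src: str) -> bool:
    """Single-compiler check: stage1 = src built with cc, stage2 = src built with stage1.
    Returns True when stage1 == stage2, which a trojaned chain still satisfies."""
    stage1 = compile_src(cc, src)
    stage2 = compile_src(stage1, src)
    return stage1 == stage2

def diverse_double_compile(cc_a: Binary, cc_b: Binary, src: str) -> bool:
    """DDC: build src with two independent compilers, then rebuild src with each
    result. If both compilers are faithful to src, the stage-2 outputs are identical."""
    stage2_a = compile_src(compile_src(cc_a, src), src)
    stage2_b = compile_src(compile_src(cc_b, src), src)
    return stage2_a == stage2_b

# Constructed scenario: the only available rustc-like binary is trojaned, while
# an independent compiler of the same language (what the comment says Rust lacks)
# is honest.
TROJANED_CC = Binary(built_from="unknown-historic-bootstrap", trojaned=True)
INDEPENDENT_CC = Binary(built_from="independent-implementation", trojaned=False)

if __name__ == "__main__":
    print("self-rebuild passes:", self_rebuild_check(TROJANED_CC, COMPILER_SRC))
    print("DDC passes:", diverse_double_compile(TROJANED_CC, INDEPENDENT_CC, COMPILER_SRC))
```

The self-rebuild check passes even with the trojaned compiler, while DDC fails as soon as a second independent compiler is available to cross-verify.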


bigyabai | 1 month ago

Lunduke is not a programmer, he's a tech influencer. If he cannot point to the part of the Open Source program that is backdoored, it's probably another one of his meaningless ragebait pieces.

Suffice it to say that Lunduke is technology's "Boy who cried Wolf" concerning security research.