It’s if you write a program that allows the end user to call a command prompt and don’t carefully sanitize the input, bad things could happen.
I mean, maybe Windows could do something different but if you wrote JavaScript that takes text input from a webpage and pass it to “sudo bash ##commands”, you’re going to have a bad time.
It’s complete click bait because Rust has a reputation for security.
It’s definitely not Rust’s fault, but it’s kinda Windows’ one and cmd.exe escape logic… It’s really difficult to write logic that will correctly escape any argument given to it, cmd.exe really is a pain to deal with :/
The Rust security team faced a significant challenge when dealing with cmd.exe’s complexity since they couldn’t find a solution that would correctly escape arguments in all cases.
As a result, they had to improve the robustness of the escaping code and modify the Command API. If the Command API cannot safely escape an argument while spawning the process, it returns an InvalidInput error.
“If you implement the escaping yourself or only handle trusted inputs, on Windows you can also use the CommandExt::raw_arg method to bypass the standard library’s escaping logic,” the Rust Security Response WG added.
I get that in situations where they can’t safely escape a parameter they’ll just stop with an error, which sound as sane as one could go with this!
It’s not Rust, the language or even Windows.
It’s if you write a program that allows the end user to call a command prompt and don’t carefully sanitize the input, bad things could happen.
I mean, maybe Windows could do something different but if you wrote JavaScript that takes text input from a webpage and pass it to “sudo bash ##commands”, you’re going to have a bad time.
It’s complete click bait because Rust has a reputation for security.
It’s definitely not Rust’s fault, but it’s kinda Windows’ one and cmd.exe escape logic… It’s really difficult to write logic that will correctly escape any argument given to it, cmd.exe really is a pain to deal with :/
I get that in situations where they can’t safely escape a parameter they’ll just stop with an error, which sound as sane as one could go with this!