> - Other vendor, like libc, winapi, rustix, io-lifetimes, URL,
> linux-raw-sys, have network functions but could identify if they
> are used by cargo.
In newer version of Cargo, it also has gitoxide, destined to replace libgit2. This library obviously also connects to the Internet.
> Some usage of "unsafe" method in the main tree and also in vendors. It
> seems necessary to do those kind of operations but also disable rust
> protections that avoids memory leaks out out of bound problems
This is a common misconception of what `unsafe` means. In Rust, `unsafe` only allows you to deference raw pointers and call to other `unsafe` functions (e.g. functions from across the FFI boundary). All the other smart pointers or safe constructs are still under the compiler's supervision.
Out-of-bound (OOB)/double-free/use-after-free (UAF) issues in `unsafe` usually occur outside of Rust territory (may be caused by external functions).
In safe Rust, memory leaks can also occur due to cyclic memory references (when using referenced pointers like `Rc` or `Arc`).
In `unsafe` Rust, assuming semantic soundness is proved for all the `unsafe` blocks, the whole program is still sound. Please see https://dl.acm.org/doi/10.1145/3158154 for more information on how this could be provable.
I believe there are some minor issues with the report:
> - CVE History /github. com/rust- lang/cargo/ security. Rust upstream will publish all the CVE information here.
I would recommend taking a look at https:/
> - Other vendor, like libc, winapi, rustix, io-lifetimes, URL,
> linux-raw-sys, have network functions but could identify if they
> are used by cargo.
In newer version of Cargo, it also has gitoxide, destined to replace libgit2. This library obviously also connects to the Internet.
> Some usage of "unsafe" method in the main tree and also in vendors. It
> seems necessary to do those kind of operations but also disable rust
> protections that avoids memory leaks out out of bound problems
This is a common misconception of what `unsafe` means. In Rust, `unsafe` only allows you to deference raw pointers and call to other `unsafe` functions (e.g. functions from across the FFI boundary). All the other smart pointers or safe constructs are still under the compiler's supervision.
Out-of-bound (OOB)/double- free/use- after-free (UAF) issues in `unsafe` usually occur outside of Rust territory (may be caused by external functions).
In safe Rust, memory leaks can also occur due to cyclic memory references (when using referenced pointers like `Rc` or `Arc`).
In `unsafe` Rust, assuming semantic soundness is proved for all the `unsafe` blocks, the whole program is still sound. Please see https:/ /dl.acm. org/doi/ 10.1145/ 3158154 for more information on how this could be provable.