Critical Rust flaw enables Windows command injection attacks - eviltoast
  • FizzyOrange@programming.dev
    link
    fedilink
    arrow-up
    57
    arrow-down
    1
    ·
    7 months ago

    Seems a bit clickbaity to me. It’s a flaw in Windows/cmd.exe, not Rust. Rust is just called out because it tries to emulated proper argument passing on Windows (and didn’t get it perfectly right). All languages are affected by this but most of them just throw their hands in the air and say “you’re on your own”:

    • Erlang (documentation update)
    • Go (documentation update)
    • Haskell (patch available)
    • Java (won’t fix)
    • Node.js (patch will be available)
    • PHP (patch will be available)
    • Python (documentation update)
    • Ruby (documentation update)

    It’s also extremely unlikely that you’d be running a bat script with untrusted arguments on Windows.