6 comments

[ 3.4 ms ] story [ 45.6 ms ] thread
Note that the likelihood of this being an actual security issue is extremely low. Rust just takes memory safety very seriously.
Stuff like this just give me more trust that the rust team is taking the promises of the language very seriously.
Imagine if there were a CVE number for every API in the C++ standard library that could segfault if blatantly misused.
This just looks like it allows to bypass safety checks without marking the code as unsafe. But so do most of the bugs listed in https://github.com/rust-lang/rust/labels/I-unsound%20%F0%9F%...? What makes this different that it's a security issue now?
I can't speak for the team, but I'm guessing that it's considered more severe of an issue because it affects backwards compatibility.
This sounds right to me. Rust takes its compatibility promise seriously, but reserves the right to break it when there's a security issue. This looks like it's one of those times.