this post was submitted on 09 Apr 2024
49 points (98.0% liked)
Rust
5999 readers
23 users here now
Welcome to the Rust community! This is a place to discuss about the Rust programming language.
Wormhole
Credits
- The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Were there actually any real-world use-cases affected by this? Do any of them not deserve to be named and shamed irregardless of this vulnerability?
If it was up to me, I would nuke the cmd custom implementation, leave some helpful compile error messages behind, and direct users to some 3rd party crates to choose from.
Doing such a regression on a Tier 1 target would be a really big blow to the language's reputation imo
What custom implementation? The escaping logic?
Edit: to be clear, there is no "custom implementation" of
cmd
itself, nor is the problem exclusive to Rust. This is a problem with the Windowscmd
itself.