A Rust procedural macro (proc macro) is a metaprogramming feature in Rust that allows you to define custom syntax extensions and code transformations. They operate on the abstract syntax tree (AST) of Rust code during compilation and can generate or modify code based on annotations or custom syntax.
Sandboxing a Rust proc macro refers to restricting the capabilities of the macro to improve security and prevent potentially harmful code execution. There are several reasons why someone might want to sandbox a proc macro:
Security: Untrusted code can be executed during the macro expansion process. To prevent malicious code execution or code that could access sensitive information, sandboxing techniques are employed.
Preventing unintended side effects: Some proc macros might inadvertently introduce side effects like file I/O or network requests. Sandboxing can limit these actions to ensure the macro only performs intended transformations.
Resource control: To manage system resources, a sandboxed proc macro can be configured to run within resource limits, preventing excessive memory or CPU usage.
Isolation: Sandboxing helps keep the macro’s execution isolated from the rest of the compilation process, reducing the risk of interfering with other parts of the code.
Sandboxing a Rust proc macro typically involves using crates like sandbox or cap-std to restrict the macro’s capabilities and limit its access to the system. This ensures that the macro operates within a controlled environment, enhancing the overall safety of code compilation and execution.
-GPT
I didn’t get it either.
Seems to me if your code will be this unpredictable, you should only run it on an air gapped machine
The difference between those macros („procedural macros“) and regular macros is that while regular macros are pretty much only templated code that is unfolded, proc macros contain code that is run at compile time, so they are more powerful but also more dangerous from a security perspective as you would expect just compiling a program to be safe.
Also: is copy pasting ChatGPT answers a thing now even when you, as you said, don’t even know what it means??
Also: is copy pasting ChatGPT answers a thing now even when you, as you said, don’t even know what it means??
As long as it’s annotated as such I don’t mind, even if it’s wrong. And if it’s wrong you’re more likely to get people to actually respond via a “umm but actually” type response
I understood the answer, not the meme. I guess I wasn’t clear. Sorry internet friend. Clearly GPT was lacking some nuance too, as evidenced by some discussion ITT.
A Rust procedural macro (proc macro) is a metaprogramming feature in Rust that allows you to define custom syntax extensions and code transformations. They operate on the abstract syntax tree (AST) of Rust code during compilation and can generate or modify code based on annotations or custom syntax.
Sandboxing a Rust proc macro refers to restricting the capabilities of the macro to improve security and prevent potentially harmful code execution. There are several reasons why someone might want to sandbox a proc macro:
Security: Untrusted code can be executed during the macro expansion process. To prevent malicious code execution or code that could access sensitive information, sandboxing techniques are employed.
Preventing unintended side effects: Some proc macros might inadvertently introduce side effects like file I/O or network requests. Sandboxing can limit these actions to ensure the macro only performs intended transformations.
Resource control: To manage system resources, a sandboxed proc macro can be configured to run within resource limits, preventing excessive memory or CPU usage.
Isolation: Sandboxing helps keep the macro’s execution isolated from the rest of the compilation process, reducing the risk of interfering with other parts of the code.
Sandboxing a Rust proc macro typically involves using crates like
sandboxorcap-stdto restrict the macro’s capabilities and limit its access to the system. This ensures that the macro operates within a controlled environment, enhancing the overall safety of code compilation and execution.-GPT
I didn’t get it either.
Seems to me if your code will be this unpredictable, you should only run it on an air gapped machine
It’s just compile time code execution.
The difference between those macros („procedural macros“) and regular macros is that while regular macros are pretty much only templated code that is unfolded, proc macros contain code that is run at compile time, so they are more powerful but also more dangerous from a security perspective as you would expect just compiling a program to be safe.
Also: is copy pasting ChatGPT answers a thing now even when you, as you said, don’t even know what it means??
As long as it’s annotated as such I don’t mind, even if it’s wrong. And if it’s wrong you’re more likely to get people to actually respond via a “umm but actually” type response
GPT is fairly useful but I definitely don’t trust it implicitly. Lol
I understood the answer, not the meme. I guess I wasn’t clear. Sorry internet friend. Clearly GPT was lacking some nuance too, as evidenced by some discussion ITT.
I’m pretty sure they operate on tokens not AST.
But now you do? I don’t understand what the image has to do with any of this.
Did I say that? It’s obvious that it’s a fairly nuanced as topics go, and GPT is not great at nuance. It doesn’t seem like it’s totally wrong though.
Anyhow I don’t rust, so it’s kinda irrelevant, just an interesting topic.
I didn’t know if you said that, that’s why I asked.