{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreie6gbo447kf32sszxvtyb43mj7evmicyaqxyo2ijz3hwthjwqvfoe",
    "uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mj6tc3j2yye2"
  },
  "path": "/t/build-security/24166#post_5",
  "publishedAt": "2026-04-10T20:07:40.000Z",
  "site": "https://internals.rust-lang.org",
  "textContent": "It doesn’t even have to be a transmute or anything, an unsandboxed procmacro can just `extern \"C\" { fn open(…); }` and call OS APIs directly. Hiding `std`s wrappers doesn’t change that at all. A proper sandbox is the only way to go.",
  "title": "Build Security"
}