Build Security

Rust Internals [Unofficial] April 11, 2026
kpreid:

The primary obstacle to getting sandboxing into Cargo (for build scripts) and rustc (for proc-macros) is implementing it (or at least prototyping it), not convincing people that it should be done.

Actually, I need convincing.

It is a huge effort with a lot of design work and it is incomplete. It only covers build-time behavior and not runtime behavior. There are ways (e.g. cackle) where we can get the benefit for both build time and runtime. That seems like a much higher-payoff direction to go.

EDIT: I also very much want us to explore

  • reducing the need for build-rs (Reduce the need for users to write build scripts · Issue #14948 · rust-lang/cargo · GitHub)
  • consolidate build scripts via build script delegation, reducing the audit surface (Tracking issue for RFC 2196, "metabuild: semantic build scripts for Cargo" · Issue #14903 · rust-lang/cargo · GitHub)
  • explore how far we can go with declarative macros to replace proc-macros
