Make sure rustup.sh is safe from truncation errors #19168

@erickt (Contributor)

Someone on Hacker News pointed out that bad things could potentially happen if the running of curl https://static.rust-lang.org/rust.sh | sh gets truncated on a bad line. We should audit the code to make sure that can't happen. Maybe we could write the actual rustup.sh and verify it with a checksum before we execute it?

huonw (Member) commented on Nov 21, 2014

This would theoretically be resolved by putting the whole script into a function that then gets executed at the very end, so nothing happens until that is reached, e.g.

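f() {
    # The whole installer lives in this one function: a truncated download
    # leaves the definition unterminated, so the shell runs none of it.
    rm -Rf "${TMP_DIR}"
    need_ok "failed to remove temporary installation directory"

    mkdir -p "${TMP_DIR}"
    need_ok "failed to create temporary installation directory"

    # ...
    rm -Rf "${TMP_DIR}"
    need_ok "couldn't rm temporary installation directory"
}

f  # nothing executes until this final line has been received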

(Tagging as E-easy due to this; I believe the file is available in src/etc.)

Added the E-easy label (Call for participation: Easy difficulty. Experience needed to fix: Not much. Good first issue.) on Nov 21, 2014.
A commit that references this issue was added on Dec 4, 2014: 4053e82
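
An added example, not part of the original thread or the rustup.sh source: a small audit harness that pipes every byte-prefix of a script into sh inside a throwaway directory and counts the truncation points that leave a partial result, comparing a top-level script with the function-wrapped form suggested above. The two miniature installers, the `main` name and the helper functions are constructed for illustration.

```sh
# Constructed miniature "installers" using shell builtins only; not the real rustup.sh.
TOPLEVEL='echo unpacked > state
echo installed >> state
'
WRAPPED='main() {
echo unpacked > state
echo installed >> state
}
main
'

# Print a fingerprint of every path (and file content) under directory $1.
fingerprint() {
    ( cd "$1" && find . | sort | while read -r p; do
        if [ -f "$p" ]; then printf '%s=%s;' "$p" "$(cat "$p")"
        else printf '%s;' "$p"; fi
    done )
}

# Pipe the first $2 bytes of script $1 into sh inside a fresh sandbox directory,
# as a cut-off download would, and print the sandbox fingerprint afterwards.
run_prefix() {
    box=$(mktemp -d) || return 1
    ( cd "$box" && printf '%s' "$1" | head -c "$2" |
        PATH=/nonexistent /bin/sh ) >/dev/null 2>&1 || true
    fingerprint "$box"
    rm -rf "$box"
}

# Count truncation points that leave the sandbox neither untouched nor complete.
count_partial() {
    script=$1
    len=${#script}
    untouched=$(run_prefix ':' 1)
    complete=$(run_prefix "$script" "$len")
    partial=0
    i=1
    while [ "$i" -lt "$len" ]; do
        got=$(run_prefix "$script" "$i")
        if [ "$got" != "$untouched" ] && [ "$got" != "$complete" ]; then
            partial=$((partial + 1))
        fi
        i=$((i + 1))
    done
    echo "$partial"
}

echo "top-level: $(count_partial "$TOPLEVEL") partial runs"
echo "wrapped:   $(count_partial "$WRAPPED") partial runs"
```

The child shell runs with an empty PATH so that prefixes of the final call such as `mai` cannot resolve to a real command; a one-letter function name like the `f` above has no such prefixes.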