-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rust binaries contain path strings that expose system username when using any dependency #89410
Comments
I just discovered that this has to do with dependencies. It only happens if your project is using a crate and you use the crate in code. For example, I created a new project using Nightly build (i tested it with stable aswell) and added the rand crate to I then wrote this code that uses that crate. use rand::prelude::*;
fn main() {
let mut rng = rand::thread_rng();
println!("{}", rng.next_u64());
} Compiling with However in a empty hello world project, there are 0 occurrences. |
I am able to reproduce this issue. While looking at the binary (both debug and release) under a hex editor, I found Using any dependency in the rust code includes the system username (and absolute path) in the binary. |
If I use the mini-main with the
Using |
Yeah it seems to be overwhelmingly excessive in debug builds but thankfully mostly reduced in release builds (sometimes). On some of my projects it only barely reduces the count with For me, the --remap flag does not affect anything even with the same format you just provided. It still shows there being 3 instances of the path. |
Ok I figured out why the So this needs to simply be defaulted by the Rust compiler, either by providing the default path name or just automatically adjusting path prefixes to |
IIRC, this is unlikely to be made the default because of debugging concerns (even release binaries may need debugging). |
That flag that was merged actually worked really well ( I do think cargo should have on option, however I personally think it should be defaulted to |
Why would a release build need to be debugged? Edit: That's also a privacy concern. |
Yeah I don't really understand what you mean by release builds needing to be debugged. A release build is meant to be the most stripped and optimized build of a program, debug builds exist for debugging. There should really be absolutely no debugging symbols in a release build. |
The 2021 has nothing to do with features like this. It's just a way to make some small breaking changes needed to implement other features.
To start I think the option should be explicit and made the default only when it has been shown to work well and not introduce regressions. Anyway this requires an RFC and has already been discussed in #40552, in particular see #40552 (comment) and #40552 (comment).
If your release build crashes generally you want to be able to get a backtrace, and that requires debugging informations. |
On compiling for release, there should not be literal absolute paths exposing my system username (which on some of my devices is my real name) inside the binaries. I understand maybe its necessary in debug binaries (however I still see no reason to pack these absolute paths in) but they should 100% not be present in a release build.
I have seen many issues reported about this, yet none of them seem to have came to any solution or fix. I have also seen the flag
--remap-path-prefix
but that doesn't fix the issue. The paths still remain even after using this flag.Please let me know if there is any current solution for this, or if it is planned to be fixed in a future release.
EDIT: Stripping the binary using
strip
or evencargo strip
tools do not remove the strings either.How to reproduce:
rand
for examplemain.rs
that uses that crate in any waycargo build --release
strings target/release/BINARY_NAME| grep YOUR_SYSTEM_NAME | wc -l
For me, it says my system name appears 20 times in a debug binary and 3 times in a release binary using the
rand
crate and nothing else.This issue does not occur if you have no dependencies.
Meta
rustc --version --verbose
:The text was updated successfully, but these errors were encountered: