• wkk@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    7 months ago

    It’s definitely not Rust’s fault, but it’s kinda Windows’ one and cmd.exe escape logic… It’s really difficult to write logic that will correctly escape any argument given to it, cmd.exe really is a pain to deal with :/

    The Rust security team faced a significant challenge when dealing with cmd.exe’s complexity since they couldn’t find a solution that would correctly escape arguments in all cases.

    As a result, they had to improve the robustness of the escaping code and modify the Command API. If the Command API cannot safely escape an argument while spawning the process, it returns an InvalidInput error.

    “If you implement the escaping yourself or only handle trusted inputs, on Windows you can also use the CommandExt::raw_arg method to bypass the standard library’s escaping logic,” the Rust Security Response WG added.

    I get that in situations where they can’t safely escape a parameter they’ll just stop with an error, which sound as sane as one could go with this!

    • Blue_Morpho@lemmy.world
      cake
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      It’s really difficult to write logic that will correctly escape any argument given to it, cmd.exe really is a pain to deal with :/

      Is cmd.exe even a thing in Windows? I know it exists and you can run it but I thought I read that the default is Power Shell now. (Just Googled, yeah Powershell replaced cmd.exe by default in 2022.)

      • wkk@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        7 months ago

        https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa

        To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the following arguments: /c plus the name of the batch file.

        Because a batch file (.bat or .cmd) is basically a set of cmd.exe instructions I guess that’s why you can’t get away from it.

        And as if making sense of this CreateProcessA system call wasn’t funny enough, you also need to figure out how to safely prepare that lpCommandLine for it following all of cmd.exe’s weird escaping rules… lol

          • wkk@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            7 months ago

            If you can avoid running batch files altogether then great, amazing. But there are projects out there using Rust that still depend on running those and that’s the focus of the issue… But yeah I cannot wait until the day I won’t hear about cmd.exe again.