diff options
| -rw-r--r-- | src/libstd/env.rs | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/src/libstd/env.rs b/src/libstd/env.rs index 6956dc0d901..95aa6468dd9 100644 --- a/src/libstd/env.rs +++ b/src/libstd/env.rs @@ -493,6 +493,44 @@ pub fn temp_dir() -> PathBuf { /// that can fail for a good number of reasons. Some errors can include, but not /// be limited to, filesystem operations failing or general syscall failures. /// +/// # Security +/// +/// The output of this function should not be used in anything that might have +/// security implications. For example: +/// +/// ``` +/// fn main() { +/// println!("{:?}", std::env::current_exe()); +/// } +/// ``` +/// +/// On Linux systems, if this is compiled as `foo`: +/// +/// ```bash +/// $ rustc foo.rs +/// $ ./foo +/// Ok("/home/alex/foo") +/// ``` +/// +/// And you make a symbolic link of the program: +/// +/// ```bash +/// $ ln foo bar +/// ``` +/// +/// When you run it, you won't get the original executable, you'll get the +/// symlink: +/// +/// ```bash +/// $ ./bar +/// Ok("/home/alex/bar") +/// ``` +/// +/// This sort of behavior has been known to [lead to privledge escalation] when +/// used incorrectly, for example. +/// +/// [lead to privledge escalation]: http://securityvulns.com/Wdocument183.html +/// /// # Examples /// /// ``` |