
It doesn’t seem to me that the risk is effectively zero. You can’t exploit it remotely, but as a local exploit it looks pretty nice.


It only works if:

* You're using this totally undocumented feature. This involves somehow fabricating a plugin that will actually load, which is non-trivial. Pretty sure you have to copy the appropriate types out of the source of Rust itself, and build things that way.

* You're also relying specifically on the fallback location

* You're doing this on a computer with other users

When you pass either of the flags in question, it prints out a message saying "hey, this feature is deprecated, please comment on this github issue if you're using it" and has gotten zero comments in a full year.

Never say never, but the chances of this affecting anyone are extremely remote.


Eh, an attacker would simply do all of those things, like copying types from the Rust source. I don't disagree this is minor, but an actual attacker will certainly not be thwarted because a vulnerable feature is not documented.


The attacker would, of course, but unless you’re also doing it too, it won’t work. The plugin existing isn’t enough, you have to pass a flag with the name to try to activate it.

If it just loaded them without the user needing to also use a flag, the chances would go way up, for sure.


Ah, the post is kinda unclear on the command line requirement. It says they're loaded by default.


Ah so, yeah it’s poorly worded. If you don’t pass --plugin-path, the default location is the /tmp prefixed one. But you need --plugins for it to attempt to load them at all.

I’ll re-work the wording when I’m at a computer, thanks :)



