New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make it harder to use fuzztarget #90
Comments
Agreed, but I'm not sure what the right answer is. Most of the point is to make it easier to run fuzzing as otherwise you have to recursively replace dependencies until you have everything running with fuzztarget enabled. I suppose at least documenting what it does is useful, maybe there is some hack with can do with requiring fuzzers set an undocumented static global setinal before the fuzztarget-mode functions will run? |
Another idea, maybe simpler: fail the build and/or the program unless some special environment variable is set. That's kind of global, and we can use it for the build and the actual execution. |
IRC discussion:
|
@apoelstra You mentioned somewhere else that this issue has been solved but I don't think that's true. Or what were you referring to? |
Yes, it is fixed by #263 |
I fear that someone just enables
fuzztarget
(it seems undocumented) or usesall-features
, and people leak their private keys... It's inconvenient but maybe we can comment out the feature in Cargo.toml (will rustc complain?), maintain a separate branch or do something else to make it harder to shoot yourself in the foot.The text was updated successfully, but these errors were encountered: