From 91f650dad5188b7b19631b4bd4e56e6077ade3ff Mon Sep 17 00:00:00 2001 From: Benjamin Herr Date: Tue, 6 May 2025 12:48:26 -0700 Subject: [PATCH] RUSTSEC-2025-0030: Indicate 'totally-safe-transmute' is a toy. People should know that totally-safe-transmute is a toy that's intentionally doing broken things, so that a) they don't come after me b) they know not to expect it to get patched c) they question why someone is pulling toy code into their dependencies --- crates/totally-safe-transmute/RUSTSEC-2025-0030.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crates/totally-safe-transmute/RUSTSEC-2025-0030.md b/crates/totally-safe-transmute/RUSTSEC-2025-0030.md index 9e90a536..05fb356b 100644 --- a/crates/totally-safe-transmute/RUSTSEC-2025-0030.md +++ b/crates/totally-safe-transmute/RUSTSEC-2025-0030.md @@ -15,6 +15,8 @@ unaffected = [] # totally-safe-transmute allows transmuting any type to any other type in safe Rust -This crate uses a known soundness issue (https://github.com/rust-lang/rust/issues/32670) that will never get fixed. In short, Linux provides a file called `/proc/self/mem` which can be used by a program to modify its own memory. This library modifies an enum variant number by accessing its own memory as a file to effectively transmute a variable. +This crate is a toy and should never be used. + +It showcases a known soundness issue (https://github.com/rust-lang/rust/issues/32670) that will never get fixed. In short, Linux provides a file called `/proc/self/mem` which can be used by a program to modify its own memory. This library modifies an enum variant number by accessing its own memory as a file to effectively transmute a variable. See also