rustup use of sudo is suprising, insecure, infuriating

[mikedilger]

As my normal user, I ran the curl/rustup command shown on the downloads page. It ran, and returned to the prompt of my normal user. I expected the install to go under $HOME/.cargo as it has in the past. However, in the process, it escalated privileges and installed as root under /usr/local... without my knowledge and without my permission. I was flabbergasted.

sudo caches my credentials so I see now how this has happened. However, as the system administrator, I maintain the expectation that commands that I run as a normal user cannot corruptmodify system directories. This trust was breached.

Scripts should not sudo on a users behalf.

I love the rust language. But I've just been hackedsuprised by this script and as a result I've lost trust in all forms of rustup (until I can tell them apart). I will only install from tgz from now on for now.

Please fix for others.

[TimNN]

The rustup you refer to here is probably https://github.com/rust-lang/rustup.sh, which is the one you get from https://static.rust-lang.org/rustup.sh, I think, and is already in the process of being replaced.

The successor, https://github.com/rust-lang-nursery/rustup.rs, will not attempt to use sudo.

[mikedilger]

The one on the downloads page is what I used: https://www.rust-lang.org/en-US/downloads.html. But I have used others in the past and expected their behavior. Currently it is confusing, there seems to be a lot of different rustups.

The successor, https://github.com/rust-lang-nursery/rustup.rs, will not attempt to use sudo.

That is good to hear.

[sfackler]

In what way was /usr/local corrupted?

I don't believe the behavior of the script on the downloads page has changed recently.

[frewsxcv]

Worth mentioning that rustup.rs should be come the recommended method of installation soon rust-lang/prev.rust-lang.org#621

[mikedilger]

@sfackler corruption was a strong word, and I didn't say it corrupted my files, just that I have this expectation that running a process as a non-root user isn't going to change root-owned files. Part of the issue is with Ubuntu's default sudo setup which I have now corrected for myself (I recently switched from gentoo). I think the other rustup I've used installs into $HOME/.cargo, and I probably got it from somewhere other than the download page, so yes maybe the download page has not changed recently.

[steveklabnik]

Thanks for the report @mikedilger ! https://github.com/rust-lang/rustup.sh is the correct repo, and as others say, rustup.sh is going to be phased out soon. So I'm going to give this one a close. Thanks!