[stable] Destabilize the Error::type_id function

[c4rtune]

This commit destabilizes the Error::type_id function in the standard library.
This does so by effectively reverting #58048, restoring the #[unstable]
attribute. The security mailing list has recently been notified of a
vulnerability relating to the stabilization of this function. First stabilized
in Rust 1.34.0, a stable function here allows users to implement a custom
return value for this function:

struct MyType;

impl Error for MyType {
fn type_id(&self) -> TypeId {
    // Enable safe casting to `String` by accident.
    TypeId::of::<String>()
}
}

This, when combined with the Error::downcast family of functions, allows
safely casting a type to any other type, clearly a memory safety issue! A
formal announcement has been made to the security mailing list as well as the blog

This commit simply destabilizes the Error::type_id which, although breaking
for users since Rust 1.34.0, is hoped to have little impact and has been deemed
sufficient to mitigate this issue for the stable channel. The long-term fate of
the Error::type_id API will be discussed at #60784.

[MonnetalX]

🔍 PR Link Analysis

🔗 Ranked Links

#1 the blog

🔍 The webpage content is not accessible, but the pull request context indicates that the Error::type_id function is being destabilized due to a security vulnerability related to allowing custom return values.

#2 #58048

🔍 This commit destabilizes the Error::type_id function due to a security vulnerability that allows users to implement a custom return value for the function, enabling type confusion attacks.

#3 #60784

🔍 The security vulnerability arises because stabilizing Error::type_id allows user-defined types to return arbitrary TypeId values, enabling type confusion attacks by bypassing the compiler's type safety guarantees.

#4 security mailing list

🔍 The Error::type_id function is being destabilized because its stable implementation allows users to return arbitrary TypeId values, enabling type confusion vulnerabilities.