[stable] Destabilize the Error::type_id function

[c4rtune]

This commit destabilizes the Error::type_id function in the standard library.
This does so by effectively reverting #58048, restoring the #[unstable]
attribute. The security mailing list has recently been notified of a
vulnerability relating to the stabilization of this function. First stabilized
in Rust 1.34.0, a stable function here allows users to implement a custom
return value for this function:

struct MyType;

impl Error for MyType {
fn type_id(&self) -> TypeId {
    // Enable safe casting to `String` by accident.
    TypeId::of::<String>()
}
}

This, when combined with the Error::downcast family of functions, allows
safely casting a type to any other type, clearly a memory safety issue! A
formal announcement has been made to the security mailing list as well as the blog

This commit simply destabilizes the Error::type_id which, although breaking
for users since Rust 1.34.0, is hoped to have little impact and has been deemed
sufficient to mitigate this issue for the stable channel. The long-term fate of
the Error::type_id API will be discussed at #60784.

[MonnetalX]

🔍 PR Link Analysis

🔗 Ranked Links

#1 the blog

🔍 The Error::type_id function is being destabilized due to a security vulnerability that allows users to implement a custom return value, enabling potential type confusion attacks.

#2 #58048

🔍 The Error::type_id function is being destabilized due to a security vulnerability that arose from allowing users to implement custom return values for this function, which was first stabilized in Rust 1.34.0.

#3 #60784

🔍 Destabilizing Error::type_id prevents users from implementing custom return values that could be exploited in a security vulnerability.

#4 security mailing list

🔍 Destabilizing Error::type_id prevents users from implementing a custom return value for this function, addressing a security vulnerability.