Rust's const fns run in a restricted interpreter that does not allow for things like non-determinism, syscalls, unsound behavior, etc. They can neither read from nor write to "the environment" in any meaningful way. They don't even expose things like the host's pointer-size to the code being run.

That's all interesting about const fns, but AFAIK any dependency can add a build.rs that executes anything - and is usually automatically executed by the language server doing a build on Cargo.toml file change.

Not a Rust-only problem, but one that people should be aware of in general.

Whilst it is restricted, you're not correct that it can't do unsound behaviour and can't do syscalls, and can't do non-determinism.

It can call unsafe blocks. They are more limited unsafe blocks, but they are still unsafe blocks.

I'm pretty sure I'm not, but feel free to make an actual demonstration to the contrary...

Unsafe blocks doesn't imply access to undefined behavior, merely the ability to write code that would be undefined in the regular non-const execution model.