DMD 1.005 release [security concerns about ImportExpressions]

Vladimir Panteleev thecybershadow at gmail.com
Wed Feb 7 01:07:19 PST 2007


On Wed, 07 Feb 2007 09:51:17 +0200, Andrei Alexandrescu (See Website For Email) <SeeWebsiteForEmail at erdani.org> wrote:

> Vladimir Panteleev wrote:
>> On Tue, 06 Feb 2007 06:54:18 +0200, Walter Bright <newshound at digitalmars.com> wrote:
>>
>>> http://www.digitalmars.com/d/changelog.html
>>
>> Hmm. What would prevent someone from writing programs like:
>>    writef(import("/etc/passwd"));
>> and trick someone into compiling this program for them (under the pretext that they don't have a D compiler, for example) to steal the user list (or the contents of any other file with a known absolute or relative path on the victim's system)?
>>
>> IMO, the compiler should at least issue a warning when importing a file not located in/under the source file's directory. Although, if the source emits a lot of pragma(msg) messages, the warning might get cluttered by those - or this might be concealed in a large program with a lot of files. A better security-wise solution is to disallow importing files outside the source file's directory, unless specified by the user on the command-line.
>
> How would the bad person see the output of the compilation?

In this particular example, the idea is to trick someone into compiling a program for you and sending you back the binary, under a pretext similar to "I don't have a D compiler" or "I can't/don't want to install the D compiler on my system". The fact that a compiler can embed random files in the resulting binary from his filesystem isn't obvious to a person familiar with compilers in general and not expecting similar behavior from a tool which is supposed to work with just a given set of source files.

-- 
Best regards,
  Vladimir                          mailto:thecybershadow at gmail.com
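
Added example, not part of the original message and not DMD's own behavior: a pre-compile audit in Python that applies the check proposed in the thread, flagging any `import("...")` whose path resolves outside the source file's directory unless the user explicitly allows that directory. The names `audit_source` and `allowed_dirs` and the sample D file are assumptions made for illustration; only plain double-quoted string literals are detected, not computed arguments or other D string forms.

```python
import os
import re
import tempfile

# Matches import("...") with a string literal. A module import such as
# `import std.stdio;` has no parenthesis and is not matched.
IMPORT_EXPR = re.compile(r'\bimport\s*\(\s*"((?:[^"\\]|\\.)*)"\s*\)')

def _inside(path, root):
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:  # e.g. different drives on Windows
        return False

def audit_source(source_path, allowed_dirs=()):
    """Return [(line_no, literal, resolved)] for imports escaping the source dir."""
    src_dir = os.path.realpath(os.path.dirname(source_path))
    roots = [src_dir] + [os.path.realpath(d) for d in allowed_dirs]
    findings = []
    with open(source_path, encoding="utf-8") as fh:
        for line_no, line in enumerate(fh, 1):
            for m in IMPORT_EXPR.finditer(line):
                literal = m.group(1)
                # join() drops src_dir for absolute literals; realpath collapses
                # ".." and follows symlinks before the containment test.
                resolved = os.path.realpath(os.path.join(src_dir, literal))
                if not any(_inside(resolved, r) for r in roots):
                    findings.append((line_no, literal, resolved))
    return findings

def demo():
    """Audit a constructed D file written to a temporary directory."""
    sample = (
        'import std.stdio;\n'
        'void main() {\n'
        '    writef(import("/etc/passwd"));\n'
        '    writef(import("banner.txt"));\n'
        '    writef(import("../../secrets/key.pem"));\n'
        '}\n'
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "proj", "app.d")
        os.makedirs(os.path.dirname(path))
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        return [(n, lit) for n, lit, _ in audit_source(path)]

if __name__ == "__main__":
    for line_no, literal in demo():
        print(f"line {line_no}: import of {literal!r} leaves the source directory")
```

Running it over a source tree received from someone else, before compiling, surfaces the imports that would pull local files into the binary.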


