Argon: an alternative parser for command-line arguments
Markus Laker via Digitalmars-d-announce
digitalmars-d-announce at puremagic.com
Thu Mar 3 12:45:24 PST 2016
On Thursday, 3 March 2016 at 09:33:38 UTC, Johannes Pfau wrote:
> The rest of this list sounds quite good, but please reconsider
> automatically opening files:
> https://media.ccc.de/v/32c3-7130-the_perl_jam_2
>
> I guess the scenario can't happen in D as our open file methods
> won't execute programs (!) but still....
I think we're safe:
msl at james:~/d/argon$ perl -wE 'open my $fh, "ls |" or die; print
for (<$fh>)[0..2]'
argon
argon.d
argon.html
msl at james:~/d/argon$ rdmd --eval='try auto f = std.stdio.File("ls
|", "r"); catch (Exception e) e.msg.writeln'
Cannot open file `ls |' in mode `r' (No such file or directory)
msl at james:~/d/argon$
Of course, if you can demonstrate a vulnerability, I'll certainly
fix it.
Markus
More information about the Digitalmars-d-announce
mailing list