D_vs_nim: git repo to compare features of D vs nim and help migrating code bw them. PRs welcome

Cym13 cpicard at openmailbox.org
Wed Mar 28 22:36:45 UTC 2018


On Wednesday, 28 March 2018 at 20:50:51 UTC, Dmitry Olshansky 
wrote:
> On Tuesday, 27 March 2018 at 21:49:16 UTC, Walter Bright wrote:
>> On 3/27/2018 5:11 AM, Guillaume Piolat wrote:
>>> - ability to write file during CTFE is not necessarily 
>>> positive. Though I can't tell why from the top of my mind.
>>
>> The act of compiling a buggy program should not influence the 
>> global state of the computer. It should not be necessary to vet 
>> code downloaded from the internet before even compiling it to 
>> ensure it doesn't mess up the system.
>
> The moment there is make or other build tool this is all futile.
>
>>
>> CTFE should run in a sandbox. It must be safe to compile code.
>
> I agree but mostly on the grounds of purity and 
> reproducibility. It also enables caching and incremental builds.
>
> Safety - not so much.

Indeed, even without such high-level tools, using the linker is 
dangerous due to issues that nobody wants to consider 
vulnerabilities.

For demo:

$ mkdir test ; cd test
$ echo 'import std.stdio; void main(){ writeln("test"); }' > test.d
$ ln -s shouldntexist test
$ dmd test.d
$ ls -l
total 760K
-rw-r--r-- 1 cym13 cym13   90 Mar 29 00:28 test.d
lrwxrwxrwx 1 cym13 cym13   13 Mar 29 00:33 test -> shouldntexist*
-rw-r--r-- 1 cym13 cym13  14K Mar 29 00:33 test.o
-rwxr-xr-x 1 cym13 cym13 740K Mar 29 00:33 shouldntexist*

This can easily lead to privilege escalation by creating 
sensitive files in specific locations with arbitrary content 
(~/.ssh/authorized_keys comes to mind).

Ok, this needs a specially crafted symlink, but it's one more 
thing to check before compiling anything... Compiling just can't 
reasonably be assumed to be secure (although I'd very much like 
it to be).
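A defender-side counterpart to the demo above, added here as an example and not part of the original post or of dmd: a small pre-build check that refuses to compile when the path the compiler would write its output to is already a symlink, and a helper that lists the symlinks in a build directory for review. The function names, the temporary layout and the sample source line are constructed for illustration; the default output name `test` for `dmd test.d` is the one shown in the post.

```shell
# Added example (not from the original post): refuse to build when the
# compiler's output path is already a symlink, because the linker follows
# the link and writes the binary wherever it points (see the ls -l output
# in the post). Function names and the demo layout are constructed.

# check_output_path DIR NAME
# Returns 0 when DIR/NAME is absent or a regular file (safe to overwrite),
# 1 when it is a symlink (output would be redirected to the link target).
check_output_path() {
    dir=$1
    name=$2
    path="$dir/$name"
    if [ -L "$path" ]; then
        printf 'refusing to build: %s is a symlink -> %s\n' \
            "$path" "$(readlink "$path")" >&2
        return 1
    fi
    return 0
}

# list_symlinks DIR
# Prints every symlink directly inside DIR, one per line, so a reviewer can
# inspect a freshly unpacked source tree before running the compiler.
list_symlinks() {
    find "$1" -maxdepth 1 -type l
}

# Demo mirroring the post: test.d plus a symlink named "test", which is the
# output name dmd would pick for `dmd test.d`. Uses a throwaway directory.
demo() {
    tmp=$(mktemp -d)
    printf 'import std.stdio; void main(){ writeln("test"); }\n' > "$tmp/test.d"
    ln -s shouldntexist "$tmp/test"
    echo "symlinks in $tmp:"
    list_symlinks "$tmp"
    if check_output_path "$tmp" test; then
        echo "ok to build"        # not reached for this layout
    else
        echo "build blocked"      # printed: the output path is a symlink
    fi
    rm -rf "$tmp"
}
```

Run `demo` to reproduce the blocked case; in a real wrapper you would call `check_output_path` once per artifact the build will write (the executable, the `.o` files and anything named via the compiler's output option) before invoking the compiler.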
