[Issue 2103] import expression with relative path fails on Linux
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Wed Mar 25 02:55:52 PDT 2009
http://d.puremagic.com/issues/show_bug.cgi?id=2103
bugzilla at digitalmars.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Comment #2 from bugzilla at digitalmars.com 2009-03-25 04:55 -------
It works on Windows because of a bug where '/' was not recognized as a
directory separator.
The reason for the restriction against paths in the imports is to prevent
remote execution exploits. Consider where compiling is done on a remote machine
over a network. The remote machine needs to have control over what directory
the import can read files from, otherwise there's a potential vector for
attack.
If you need to have multiple directories, they can all be specified on the
command line as a list. I'm going to mark this as invalid as it is a deliberate
design choice. You can reopen it as an enhancement request if you prefer, but
I'll need convincing that relative paths don't leave a hole where an attacker
could potentially try to read any file in the system.
I figured it was best to be secure rather than sorry.
--
More information about the Digitalmars-d-bugs
mailing list