[Issue 15584] Security issue: symlink attack

via Digitalmars-d-bugs digitalmars-d-bugs at puremagic.com
Thu Jan 21 18:14:49 PST 2016


https://issues.dlang.org/show_bug.cgi?id=15584

Ketmar Dark <ketmar at ketmar.no-ip.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|enhancement                 |normal

--- Comment #7 from Ketmar Dark <ketmar at ketmar.no-ip.org> ---
(In reply to Cédric Picard from comment #6)
> Otherwise
> why did we bother enforce that the compiler can't read or write arbitrary
> files during CTFE?
'cause this breaks the rule of "same code should behave the same in compile
time and in runtime."

> Isn't it because we know that we can't expect the user to
> carefully read every line of the code he is compiling and that the compiler
> had some responsability reguarding this in the compilation process?
no. ;-)

> I stand on my position, an attack is possible
of course, it is possible. i just don't see any reason in curing the symphtoms
in this case.

anyway: let it be of "normal" severity then?

--


More information about the Digitalmars-d-bugs mailing list