[Issue 15584] Security issue: symlink attack
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Thu Jan 21 18:14:49 PST 2016
https://issues.dlang.org/show_bug.cgi?id=15584
Ketmar Dark <ketmar at ketmar.no-ip.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|enhancement |normal
--- Comment #7 from Ketmar Dark <ketmar at ketmar.no-ip.org> ---
(In reply to Cédric Picard from comment #6)
> Otherwise
> why did we bother enforce that the compiler can't read or write arbitrary
> files during CTFE?
'cause this breaks the rule of "same code should behave the same in compile
time and in runtime."
> Isn't it because we know that we can't expect the user to
> carefully read every line of the code he is compiling and that the compiler
> had some responsability reguarding this in the compilation process?
no. ;-)
> I stand on my position, an attack is possible
of course, it is possible. i just don't see any reason in curing the symphtoms
in this case.
anyway: let it be of "normal" severity then?
--
More information about the Digitalmars-d-bugs
mailing list