[Issue 15584] Security issue: symlink attack
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Thu Jan 21 18:24:23 PST 2016
https://issues.dlang.org/show_bug.cgi?id=15584
--- Comment #8 from Cédric Picard <cpicard at openmailbox.org> ---
(In reply to Ketmar Dark from comment #7)
> (In reply to Cédric Picard from comment #6)
> > Otherwise
> > why did we bother enforce that the compiler can't read or write arbitrary
> > files during CTFE?
> 'cause this breaks the rule of "same code should behave the same in compile
> time and in runtime."
That too, ok.
> > I stand on my position, an attack is possible
> of course, it is possible. i just don't see any reason in curing the
> symphtoms in this case.
If anything to bring some consistency. Security issues appart compiling the
same source code with the same flags and the same files in the folder twice
ends up with two completely different results. The first one will create a file
elsewhere, at the emplacement targeted by the link while the second compilation
will actually do what it should have from the beginning, remove the link and
build the executable in place. That's inconsistent. Either we choose to trust
the user and follow the link in all circumstances, either we consider that a
link isn't special enough to avoid being replaced like any other file and we
remove it.
> anyway: let it be of "normal" severity then?
I leave that point to your discretion. I'm a security guy, every vulnerability
allowing remote access is critical for me, but it's the developper's job to
decide whether it fits their security model or not.
--
More information about the Digitalmars-d-bugs
mailing list