Hardcoded filepaths in compiled exe
Raikia
raikiasec at gmail.com
Tue Dec 29 21:27:07 UTC 2020
On Tuesday, 29 December 2020 at 19:30:53 UTC, Basile B. wrote:
> On Tuesday, 29 December 2020 at 16:13:53 UTC, Raikia wrote:
>> Hey all,
>>
>> [...]
>> $ strings -a program.exe | grep 'dmd2'
>> C:\D\dmd2\windows\bin\..\..\src\phobos\std\file.d
>> C:\D\dmd2\windows\bin\..\..\src\phobos\std\utf.d
>> C:\D\dmd2\windows\bin\..\..\src\phobos\std\base64.d
>>
>>
>> This problem is more egregious when I am using a home folder,
>> like "C:\Users\<my name>\" instead of "C:\D\". Am I missing
>> something? Is there a way to compile D without leaking
>> metadata like this in a production release binary?
>
> I believe those are because of Exception constructors that use
> the __FILE__ special keyword. You might patch the final
> executable and replace the string content with spaces or 'x's.
Interesting. I was able to clobber it with bbe with no issues.
I'm surprised the compiler doesn't strip out this potentially
sensitive metadata, but I guess I'll just patch it out as part of
my build process. Thanks!
More information about the Digitalmars-d-learn
mailing list