Hardcoded filepaths in compiled exe
Steven Schveighoffer
schveiguy at gmail.com
Tue Dec 29 23:11:25 UTC 2020
On 12/29/20 4:27 PM, Raikia wrote:
> On Tuesday, 29 December 2020 at 19:30:53 UTC, Basile B. wrote:
>> On Tuesday, 29 December 2020 at 16:13:53 UTC, Raikia wrote:
>>> Hey all,
>>>
>>> [...]
>>> $ strings -a program.exe | grep 'dmd2'
>>> C:\D\dmd2\windows\bin\..\..\src\phobos\std\file.d
>>> C:\D\dmd2\windows\bin\..\..\src\phobos\std\utf.d
>>> C:\D\dmd2\windows\bin\..\..\src\phobos\std\base64.d
>>>
>>>
>>> This problem is more egregious when I am using a home folder, like
>>> "C:\Users\<my name>\" instead of "C:\D\". Am I missing something?
>>> Is there a way to compile D without leaking metadata like this in a
>>> production release binary?
>>
>> I believe those are because of Exception constructors that use the
>> __FILE__ special keyword. You might patch the final executable and
>> replace the string content with spaces or 'x's.
>
> Interesting. I was able to clobber it with bbe with no issues. I'm
> surprised the compiler doesn't strip out this potentially sensitive
> metadata, but I guess I'll just patch it out as part of my build
> process. Thanks!
Yeah, that's a bit surprising. I think it's for use in debuggers so they
can pull up the exact file where the exception was thrown.
But I would think a feature should exist that masks the base directory
of exception file names.
Probably worth an enhancement request.
-Steve
More information about the Digitalmars-d-learn
mailing list