Hardcoded filepaths in compiled exe

[Steven Schveighoffer]

On 12/29/20 4:27 PM, Raikia wrote:
> On Tuesday, 29 December 2020 at 19:30:53 UTC, Basile B. wrote:
>> On Tuesday, 29 December 2020 at 16:13:53 UTC, Raikia wrote:
>>> Hey all,
>>>
>>> [...]
>>> $ strings -a program.exe | grep 'dmd2'
>>> C:\D\dmd2\windows\bin\..\..\src\phobos\std\file.d
>>> C:\D\dmd2\windows\bin\..\..\src\phobos\std\utf.d
>>> C:\D\dmd2\windows\bin\..\..\src\phobos\std\base64.d
>>>
>>>
>>> This problem is more egregious when I am using a home folder, like 
>>> "C:\Users\<my name>\" instead of "C:\D\".  Am I missing something?  
>>> Is there a way to compile D without leaking metadata like this in a 
>>> production release binary?
>>
>> I believe those are because of Exception constructors that use the 
>> __FILE__ special keyword. You might patch the final executable and 
>> replace the string content with spaces or 'x's.
> 
> Interesting.  I was able to clobber it with bbe with no issues. I'm 
> surprised the compiler doesn't strip out this potentially sensitive 
> metadata, but I guess I'll just patch it out as part of my build 
> process.  Thanks!

Yeah, that's a bit surprising. I think it's for use in debuggers so they 
can pull up the exact file where the exception was thrown.

But I would think a feature should exist that masks the base directory 
of exception file names.

Probably worth an enhancement request.

-Steve