Allowing relative file imports

Andrei Alexandrescu SeeWebsiteForEmail at erdani.org
Thu Mar 26 14:39:05 PDT 2009


Georg Wrede wrote:
> Walter Bright wrote:
>> Daniel Keep wrote:
>>> It should be noted that this is really no different to executing
>>> arbitrary code on a machine.  That said, compiling a program is not
>>> typically thought of as "executing" code, so some restrictions in this
>>> case would probably be prudent.
>>
>> Here's the scenario I'm concerned about. Let's say you set up a 
>> website that instead of supporting javascript, supports D used as a 
>> scripting language. The site thus must run the D compiler on the 
>> source code. When it executes the resulting code, that execution 
>> presumably will run in a "sandbox" at a low privilege level.
>>
>> But the compiler itself will be part of the server software, and may 
>> run at a higher privilege. The import feature could possible read any 
>> file in the system, inserting it into the executable being built. The 
>> running executable could then supply this information to the attacker, 
>> even though it is sandboxed.
>>
>> This is why even using the import file feature must be explicitly 
>> enabled by a compiler switch, and which directories it can read must 
>> also be explicitly set with a compiler switch. Presumably, it's a lot 
>> easier for the server software to control the compiler switches than 
>> to parse the D code looking for obfuscated file imports.
> 
> As almost everybody else here, I've maintained a couple of websites.
> 
> Using D to write CGI programs (that are compiled, real binaries) is 
> appealing, but I'd never even think about having the web server itself 
> use the D compiler!!!
> 
> I mean, how often do you see web sites where stuff is fed to a C 
> compiler and the resulting programs run????? (Yes it's too slow, but 
> that's hardly the point here.) That is simply not done.

Of course it is, probably just not in C. Last time I looked, there are 
two concepts around, one of "statically-generated dynamic pages" and one 
of "entirely dynamic pages". I know because I installed an Apache server 
and at that time support for statically-generated dynamic pages was new.

What that means is this:

a) statically-generated dynamic = you generate the page once, it's good 
until the source of the page changes;

b) "really" dynamic page = you generate the page at each request.

> Rdmd might get one thinking of such, but then, how many websites use 
> dynamically created PHP? Dynamically created pages yes, but with static 
> PHP source.
> 
> I must be missing something big here...

I think D with rdmd would be great for (a).


Andrei



More information about the Digitalmars-d mailing list