Allowing relative file imports
grauzone
none at example.net
Fri Mar 27 02:31:08 PDT 2009
Walter Bright wrote:
> Georg Wrede wrote:
>> Walter Bright wrote:
>>> grauzone wrote:
>>>> Walter Bright wrote:
>>>>> http://www.comeaucomputing.com lets you upload random C++ code,
>>>>> compile it on their system, and view the messages put out by their
>>>>> compiler. Suppose you did it with D, had it import some sensitive
>>>>> file, and put it out with a pragma msg statement?
>>>>
>>>> Your compiler can do the same:
>>>> http://codepad.org/hWC9hbPQ
>>>
>>> That's awesome!
>>
>> And the system seems protected, too: http://codepad.org/mzAgmvZZ
>
> And I'll raise you: http://codepad.org/bp5nsprd
Not that I'm discussing against the import -J switch, but the compiler
is also running inside a sandbox. At least it looks like:
http://codepad.org/ZGON3u56
(my interpretation: compiler crashes inside the sandbox)
Conclusion: the compiler doesn't need to be safe. Actually, using a
sandbox approach is probably more secure than trying to fix all compiler
security issues.
More information about the Digitalmars-d
mailing list