D archeology
Jakob Ovrum
jakobovrum at gmail.com
Fri Dec 20 17:13:21 PST 2013
On Saturday, 21 December 2013 at 00:54:52 UTC, Luís Marques wrote:
> On Saturday, 21 December 2013 at 00:47:49 UTC, Jakob Ovrum
> wrote:
>> This is not running in a sandbox? And it's running on a
>> *Windows machine*?
>>
>> I really recommend you take it down. Someone will come around
>> and infect your work network, it's just a matter of time.
>
> To be clear, the user provided source code is not run, it is
> only compiled. Do you really think I should take it down? (They
> would have to read this post, go find a DMD exploit, etc.)

Oh, right.

Well, then it does become a lot harder to exploit, but DMD being
a C++ project it might be prone to security flaws, especially in
past versions (I'm not very familiar with the DMD codebase, so
can't say for sure). Make sure you don't link the executables at
least, so DMD is the only point of failure. I would use "-c -o-".

It becomes security through obscurity - who would want to rummage
through past versions of DMD's source code?

Anyway, I know for a fact that one can easily make DMD go into an
infinite loop in various ways, so you'd have to implement some
kind of timeout (not talking about CTFE here, which I think is
self-limiting).
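
Added example, not part of the original post and not the service's own code: one way to combine the two suggestions above, compiling with `-c -o-` and enforcing a wall-clock timeout. The function name `check_compile`, the 5-second default, the output cap and the stand-in compiler commands are assumptions; `dmd` is assumed to be on `PATH` when the default is used.

```python
import os
import subprocess
import sys
import tempfile

MAX_OUTPUT = 8192  # assumed cap on diagnostics returned to the user


def check_compile(source, compiler=("dmd",), timeout_s=5.0):
    """Compile untrusted D source without linking or writing an object file.

    Returns (status, diagnostics); status is "ok", "error" or "timeout".
    """
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "input.d")
        with open(path, "w", encoding="utf-8") as f:
            f.write(source)
        # -c: compile only, no link step; -o-: write no object file.
        cmd = [*compiler, "-c", "-o-", path]
        try:
            proc = subprocess.run(
                cmd,
                cwd=workdir,
                stdin=subprocess.DEVNULL,
                stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT,
                timeout=timeout_s,  # run() kills the child when this expires
            )
        except subprocess.TimeoutExpired:
            return "timeout", ""
    text = proc.stdout.decode("utf-8", "replace")[:MAX_OUTPUT]
    return ("ok" if proc.returncode == 0 else "error"), text


# Constructed stand-ins for the compiler so the demo runs without dmd installed.
HANGS = (sys.executable, "-c", "import time; time.sleep(60)")
ECHO = (sys.executable, "-c", "import sys; print(' '.join(sys.argv[1:3]))")
FAILS = (sys.executable, "-c", "raise SystemExit(1)")

if __name__ == "__main__":
    print(check_compile("void main() {}", compiler=ECHO))
    print(check_compile("void main() {}", compiler=HANGS, timeout_s=1.0))
```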