D archeology
H. S. Teoh
hsteoh at quickfur.ath.cx
Fri Dec 20 17:32:21 PST 2013
On Sat, Dec 21, 2013 at 02:13:21AM +0100, Jakob Ovrum wrote:
[...]
> Well, then it does become a lot harder to exploit, but DMD being a
> C++ project it might be prone to security flaws, especially in past
> versions (I'm not very familiar with the DMD codebase, so can't say
> for sure). Make sure you don't link the executables at least, so DMD
> is the only point of failure. I would use "-c -o-". It becomes
> security through obscurity - who would want to rummage through past
> versions of DMD's source code?
[...]
Has DMD always had -J for string imports? 'cos if not, I'd be fearful of
somebody using string imports to view the contents of arbitrary files.
string x = import("/etc/passwd");
pragma(msg, x);
// or trigger a compile error that generates a message
// containing the contents of x.
T
--
Computers aren't intelligent; they only think they are.
More information about the Digitalmars-d
mailing list