Compile time executable calling?
BLM768
blm768 at gmail.com
Fri Jul 12 23:52:49 PDT 2013
On Saturday, 13 July 2013 at 04:23:56 UTC, Walter Bright wrote:
>
> A big problem with it would be the equivalent of the "SQL
> Injection Exploit". Since the compiler can now execute
> arbitrary code, someone passing around malicious source code
> could do anything to your system.
Assuming that the user is compiling the code in order to run it
(which does seem to be the most common case, at least in my
experience), the user is already running arbitrary code. I don't
really see how this would create a greater security risk than
what already exists.
That said, I'm not completely sold on this idea, either, at least
not while there are more important issues to solve. It could be
nice at times, but I'm having a hard time coming up with a usage
case where this would really be much more convenient than just
using the build system.
More information about the Digitalmars-d
mailing list