Compile time executable calling?
Piotr Szturmaj
bncrbme at jadamspam.pl
Sat Jul 13 05:10:55 PDT 2013
W dniu 13.07.2013 09:13, Walter Bright pisze:
> On 7/12/2013 11:52 PM, BLM768 wrote:
>> On Saturday, 13 July 2013 at 04:23:56 UTC, Walter Bright wrote:
>>>
>>> A big problem with it would be the equivalent of the "SQL Injection
>>> Exploit".
>>> Since the compiler can now execute arbitrary code, someone passing
>>> around
>>> malicious source code could do anything to your system.
>>
>> Assuming that the user is compiling the code in order to run it (which
>> does seem
>> to be the most common case, at least in my experience), the user is
>> already
>> running arbitrary code. I don't really see how this would create a
>> greater
>> security risk than what already exists.
>
> People can be endlessly creative at this kind of thing. I'm not at all
> sure you and I have thought of every possible exploit.
Use sandboxing. On Linux it's easy:
http://en.wikipedia.org/wiki/Seccomp. But, it could be difficult to
create cross-platform solution.
More information about the Digitalmars-d
mailing list