-J all

Basile B. b2.b2.temp.temp at gmx.gmx.com.com.com
Mon Jun 11 07:17:56 UTC 2018 

On Monday, 11 June 2018 at 06:52:20 UTC, DigitalDesigns wrote:
> On Monday, 11 June 2018 at 05:15:05 UTC, Cym13 wrote:
>> On Sunday, 10 June 2018 at 19:10:52 UTC, DigitalDesigns wrote:
>>> On Sunday, 10 June 2018 at 14:42:21 UTC, Basile B. wrote:
>>>> On Sunday, 10 June 2018 at 01:49:37 UTC, DigitalDesigns 
>>>> wrote:
>>>>> Please allow -J to specify that all subdirectories are to 
>>>>> be included! I'm having to include all subdirectories of my 
>>>>> library with J because I import each file and extract 
>>>>> information. It would be better to have something like
>>>>>
>>>>> -JC:\Lib\*
>>>>>
>>>>> rather than
>>>>>
>>>>> -JC:\Lib\Internal
>>>>> -JC:\Lib\Internal\OS
>>>>> -JC:\Lib\API
>>>>> -JC:\Lib\API\V1
>>>>> -JC:\Lib\API\V1\Templates
>>>>> ....
>>>>>
>>>>> ...
>>>>> ..
>>>>> .
>>>>
>>>> This is opened as an enhancement request now: 
>>>> https://issues.dlang.org/show_bug.cgi?id=18967. IIRC there 
>>>> was a security concern mentioned last time this was 
>>>> proposed, not 100% sure.
>>>
>>> Yeah, but -J was added for a security concern! So when does 
>>> the insanity end?
>>
>> There's no contradiction nor insanity, you're saying the same 
>> thing he did: -J was added for a security concern.
>
> No I'm not, which proves the insanity is still here:
>
> He's saying that *'s wasn't added out of security concerns:
>
> "This is opened as an enhancement request now: 
> https://issues.dlang.org/show_bug.cgi?id=18967. IIRC there was 
> a security concern mentioned last time this was proposed, not 
> 100% sure."
>
> And I'm saying that -J was implemented out of security concerns.
>
> So, -J was added for security concerns and * was rejected out 
> of security concerns!
>
> Please don't be insane, thanks.
>
>
>>> If it's such a big, e.g., to prevent root access then limit 
>>> asterisk usage to non root and maybe only a depth of 3.
>>>
>>> After all, if someone wanted access to sensitive areas just 
>>> do -JC:\Windows\System32.
>>>
>>> At some point one has to stop policing everything.
>>
>> I'm not entirely sure what the threat model is, but it seems 
>> to me that we're not trying to protect against an user 
>> exposing sensitive areas. We're trying to protect against code 
>> that isn't trusted at compile time. I think the idea is to 
>> avoid allowing someone to import your config file with all 
>> passwords at compile-time so that it can use it or send it 
>> later at runtime to the attacker.
>
> Yes, that is the point, else why restrict access? So -J was 
> added so we could get around it because one has to be able to 
> get around it. But dmd makes it hard for humans to get around 
> it because they have to go look up all the directories they 
> want to add and add each one separately. If a D compile time 
> program is going to use dmd to steal something, it can do it 
> either way.
>
> It is easy for a program to parse multiple directories in to 
> several commands but more difficult for a human. So adding * is 
> not much of a threat and it could be limited if someone feels 
> like it is too much.
>
> -J is a blaring security hole if one really wants to get down 
> to it. I wouldn't use D if I could it it to import files at 
> compile time. It breaks all my apps... specially since not one 
> D compile time virus exists(I'm sure someone will run out and 
> make one).
>
> So, lets go to the chalk board to make sure you understand: -J 
> is a restriction to prevent any D source code from opening 
> external files using import except what is listed under -J. Not 
> having wildcard support further restricts ones freedom as it 
> requires one to list many extra paths. If * was supported then 
> it would make using -J much easier without it? it is much 
> harder.
>
> -J added for security and (not *) added for security. So we 
> have security on top of security... that is the insanity I was 
> speaking of. Who's idea is to secure D when no one even bothers 
> to use it to do some potential something that no one could 
> really describe except basic hacking.
>
> I mean, after all, if someone uses dmd to somehow steal file 
> information then they almost surely could do it without it and 
> when they compile they can just use -J with the directory of 
> the info they want. So, there is really no point in -J in the 
> first place. You could say that it would be better to be safe 
> than sorry... of course, that is where the insanity comes from! 
> Are we really any safer? Where are all these D CT viruses at 
> that I'm being protected from?!?! And why having they figured 
> out ways to hack -J?
>
> After all, if this malicious code is ran then it can surely 
> replace dmd.exe with an imposter and feed it -J so the next 
> time it is ran would be able then to have access to -J the next 
> time it is ran.
>
> At some point in the distant future am I going to have to wear 
> a condom to program in D?

Common man just calm down. Read the thread again. About the 
security concern i had say "I'm no 100% sure". After verification 
it appears that what i remembered was

http://cwe.mitre.org/data/definitions/22.html

This is about going in the parent folders not children so this 
wildcard thing would be possible. "Would" because it's not 
necessary, this  works already:

https://issues.dlang.org/show_bug.cgi?id=14349 was fixed years 
ago.

More information about the Digitalmars-d mailing list