[dmd-internals] Tighten security on file imports

Leandro Lucarella llucax at gmail.com
Sat Feb 20 17:59:35 PST 2010


Hi, I just saw the changeset 389[1], and I think this is going the wrong
way. Security should be tightened, but trying to keep the restrictions on
files as much as possible (not the other way).

What is the point of not allowing, for example, "+", "-", " " and a whole
lot of harmless chars? I really can't understand that change.

Related to this is bug 3420[2] (with a partial, Linux/Posix-only, patch
written by me), which tries to keep security while loosening restrictions.

You even accept "." chars in the name (in the dumb check for valid
characters), which is the most harmful char that ever existed =)


[1] http://www.dsource.org/projects/dmd/changeset/389
[2] http://d.puremagic.com/issues/show_bug.cgi?id=3420

-- 
Leandro Lucarella (AKA luca)                     http://llucax.com.ar/
----------------------------------------------------------------------
GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145  104C 949E BFB6 5F5A 8D05)
----------------------------------------------------------------------
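
Added example, not part of the original post, changeset 389 or the bug 3420 patch: a C comparison of a filename character whitelist with a path-containment check built on POSIX realpath(). The whitelist's character set, the function names and the sample tree are assumptions constructed for illustration.

```c
#define _XOPEN_SOURCE 700 /* realpath(), mkdtemp() */
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical whitelist: letters, digits, '_' and '.' only.
   Rejects harmless names with '+', '-' or ' ' yet accepts "..". */
int charset_ok(const char *name) {
    for (; *name; name++)
        if (!isalnum((unsigned char)*name) && *name != '_' && *name != '.')
            return 0;
    return 1;
}
/* Containment check: canonicalise the import dir and the requested file
   (symlinks and ".." resolved), then require the file to lie below the dir. */
int contained_ok(const char *dir, const char *name) {
    char base[PATH_MAX], joined[PATH_MAX], full[PATH_MAX];
    if (!realpath(dir, base)) return 0;
    if (snprintf(joined, sizeof joined, "%s/%s", base, name) >= (int)sizeof joined) return 0;
    if (!realpath(joined, full)) return 0;          /* missing file: reject */
    size_t n = strlen(base);
    return strncmp(full, base, n) == 0 && (n == 1 || full[n] == '/');
}
/* Constructed sample tree in a fresh temp dir; dir receives the import directory. */
int make_fixture(char *dir, size_t len) {
    char root[] = "/tmp/importXXXXXX", p[PATH_MAX];
    const char *files[] = {"secret.txt", "views/my file+v1-2.txt", "views/sub/a.txt"};
    if (!mkdtemp(root)) return -1;
    snprintf(dir, len, "%s/views", root);
    snprintf(p, sizeof p, "%s/sub", dir);
    if (mkdir(dir, 0700) || mkdir(p, 0700)) return -1;
    for (int i = 0; i < 3; i++) {
        snprintf(p, sizeof p, "%s/%s", root, files[i]);
        FILE *f = fopen(p, "w");
        if (!f) return -1;
        fclose(f);
    }
    return 0;
}
int main(void) {
    char dir[PATH_MAX];
    const char *t[] = {"my file+v1-2.txt", "sub/a.txt", "..", "../secret.txt"};
    if (make_fixture(dir, sizeof dir)) return 1;
    for (int i = 0; i < 4; i++)
        printf("%-18s charset=%d contained=%d\n", t[i], charset_ok(t[i]), contained_ok(dir, t[i]));
    return 0;
}
```

Because realpath() resolves symbolic links, a link inside the import directory that points outside it is rejected by the containment check as well.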

