[dmd-internals] Tighten security on file imports
walter at digitalmars.com
Sun Feb 21 23:01:18 PST 2010
I did some googling on this, apparently this is not an easy fix on any
system other than Linux. Changeset 396 for more details.
Leandro Lucarella wrote:
> Hi, I just saw the changeset 389, and I think this is going the wrong
> way. Security should be tighten, but trying to keep the restrictions on
> files as much as possible (not the other way).
> What is the point on not allowing, for example, "+", "-", " " and a whole
> lot of harmless chars? I really can't understand that change.
> Related to this is bug 3420 (with a partial, Linux/Posix-only, patch
> written by me), why tries to keep security loosing restrictions.
> You even accept "." chars in the name (in the dumb check for valid
> characters), which is the most harmful char that ever existed =)
>  http://www.dsource.org/projects/dmd/changeset/389
>  http://d.puremagic.com/issues/show_bug.cgi?id=3420
More information about the dmd-internals