[dmd-internals] Tighten security on file imports

Walter Bright walter at digitalmars.com
Sun Feb 21 23:01:18 PST 2010


I did some googling on this; apparently this is not an easy fix on any 
system other than Linux. See changeset 396 for more details.

Leandro Lucarella wrote:
> Hi, I just saw the changeset 389[1], and I think this is going the wrong
> way. Security should be tightened, but trying to keep the restrictions on
> files as much as possible (not the other way).
>
> What is the point of not allowing, for example, "+", "-", " " and a whole
> lot of harmless chars? I really can't understand that change.
>
> Related to this is bug 3420[2] (with a partial, Linux/Posix-only, patch
> written by me), which tries to keep security while loosening restrictions.
>
> You even accept "." chars in the name (in the dumb check for valid
> characters), which is the most harmful char that ever existed =)
>
>
> [1] http://www.dsource.org/projects/dmd/changeset/389
> [2] http://d.puremagic.com/issues/show_bug.cgi?id=3420
>
>   
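
The contrast raised in the quoted message, between filtering characters and restricting where an imported file may live, as an added example that is not part of the original thread, dmd's source, or the patch in bug 3420. It assumes a POSIX system with realpath(); charset_ok is a constructed stand-in allow-list, and contained_ok, touch and make_sandbox are hypothetical names.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for a character allow-list (not dmd's actual check):
   letters, digits, '_' and '.' pass; every other character is rejected. */
static int charset_ok(const char *name) {
    const char *ok = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.";
    return name[strspn(name, ok)] == '\0';
}

/* Containment check: canonicalise base/name with realpath() and accept only
   if the result lies strictly below the canonical base directory. */
static int contained_ok(const char *base, const char *name) {
    char joined[PATH_MAX], rbase[PATH_MAX], rfile[PATH_MAX];
    int n = snprintf(joined, sizeof joined, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= sizeof joined) return 0;
    if (!realpath(base, rbase) || !realpath(joined, rfile)) return 0;
    size_t len = strlen(rbase);
    return strncmp(rbase, rfile, len) == 0 && rfile[len] == '/';
}

static int touch(const char *p) { FILE *f = fopen(p, "w"); return f ? fclose(f) : -1; }
/* Constructed sandbox: <tmp>/secret, <tmp>/imports/"a-b c+d.txt" and the
   symlink <tmp>/imports/leak -> ../secret. Returns the imports directory. */
static const char *make_sandbox(void) {
    static char base[PATH_MAX];
    char root[] = "/tmp/impdemoXXXXXX", p[PATH_MAX + 16];
    if (!mkdtemp(root)) return NULL;
    snprintf(base, sizeof base, "%s/imports", root);
    if (mkdir(base, 0700) != 0) return NULL;
    snprintf(p, sizeof p, "%s/secret", root);
    if (touch(p) != 0) return NULL;
    snprintf(p, sizeof p, "%s/a-b c+d.txt", base);
    if (touch(p) != 0) return NULL;
    snprintf(p, sizeof p, "%s/leak", base);
    return symlink("../secret", p) == 0 ? base : NULL;
}

int main(void) {
    const char *base = make_sandbox(), *names[] = { "a-b c+d.txt", "leak", ".." };
    for (int i = 0; base && i < 3; i++)
        printf("%-12s charset=%d contained=%d\n", names[i],
               charset_ok(names[i]), contained_ok(base, names[i]));
    return base ? 0 : 1;
}
```

The allow-list rejects the harmless name and passes the two that leave the import directory; the containment check gives the opposite answer on all three.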

