[dmd-internals] Tighten security on file imports

Walter Bright walter at digitalmars.com
Sun Feb 21 23:01:18 PST 2010

I did some googling on this, apparently this is not an easy fix on any 
system other than Linux. Changeset 396 for more details.

Leandro Lucarella wrote:
> Hi, I just saw the changeset 389[1], and I think this is going the wrong
> way. Security should be tighten, but trying to keep the restrictions on
> files as much as possible (not the other way).
> What is the point on not allowing, for example, "+", "-", " " and a whole
> lot of harmless chars? I really can't understand that change.
> Related to this is bug 3420[2] (with a partial, Linux/Posix-only, patch
> written by me), why tries to keep security loosing restrictions.
> You even accept "." chars in the name (in the dumb check for valid
> characters), which is the most harmful char that ever existed =)
> [1] http://www.dsource.org/projects/dmd/changeset/389
> [2] http://d.puremagic.com/issues/show_bug.cgi?id=3420

More information about the dmd-internals mailing list