DMD 1.005 release [security concerns about ImportExpressions]
Vladimir Panteleev
thecybershadow at gmail.com
Tue Feb 13 03:02:48 PST 2007
On Tue, 13 Feb 2007 12:39:22 +0200, Yauheni Akhotnikau <eao197 at intervale.ru> wrote:
> I don't think that prevention of including some private data during compilation is a task of D compiler. That private data can be stolen even without new import expression -- it is only necessary to have ordinal unix utilities and make available. Consider the following sample:
By definition, makefiles are much more dangerous than source code files. A makefile runs actual commands on your system, so it's obvious that it may contain something like `rm -rf /' in it. A compiler's purpose, by definition, is to read human-readable source code and to produce machine-readable executable/byte-code. See my other posts in this thread for the reason why I believe there must be a strong distinction between utilities that may or may not perform potentially dangerous operations, no matter the input files.
--
Best regards,
Vladimir mailto:thecybershadow at gmail.com
More information about the Digitalmars-d-announce
mailing list