DMD 1.005 release [security concerns about ImportExpressions]

Vladimir Panteleev thecybershadow at gmail.com
Tue Feb 13 03:02:48 PST 2007


On Tue, 13 Feb 2007 12:39:22 +0200, Yauheni Akhotnikau <eao197 at intervale.ru> wrote:

> I don't think that prevention of including some private data during compilation is a task of D compiler. That private data can be stolen even without new import expression -- it is only necessary to have ordinal unix utilities and make available. Consider the following sample:

By definition, makefiles are much more dangerous than source code files. A makefile runs actual commands on your system, so it's obvious that it may contain something like `rm -rf /' in it. A compiler's purpose, by definition, is to read human-readable source code and to produce machine-readable executable/byte-code. See my other posts in this thread for the reason why I believe there must be a strong distinction between utilities that may or may not perform potentially dangerous operations, no matter the input files.

-- 
Best regards,
  Vladimir                          mailto:thecybershadow at gmail.com



More information about the Digitalmars-d-announce mailing list