extend pragma(msg) with writing to file
kdevel
kdevel at vogtner.de
Sun Oct 9 12:33:59 UTC 2022
On Sunday, 9 October 2022 at 08:00:58 UTC, FeepingCreature wrote:
>> Andrey asked for compilation only. Of course the program is
>> ran under a separate user.
>
> Under what circumstances would you compile a program on an
> account with *more* sensitive data than the one you run it on?
The D program P is compiled before another program Q is compiled,
both on the same account. After compilation the programs are
deployed to the production machine/account where the "more
sensitive data" reside. By mere compilation P can alter the
source code of Q. Though P is never executed in the production
environment its code is run via Q.
Note that for pure scripting languages (without separate
compilation stage) this attack vector does not exist.
More information about the Digitalmars-d
mailing list