D and AI / dub registry and AI
Julian Fondren
julian.fondren at gmail.com
Sun Feb 22 22:45:22 UTC 2026
On Sunday, 22 February 2026 at 22:39:39 UTC, Julian Fondren wrote:
> ```d
> import std.process : execute;
> import std.stdio : writeln;
>
> // misleading variable name!
> string exe(string[] s) => execute(s).output;
>
> void main(string[] args) {
> exe(["curl", args[1], "--output", args[2]]).writeln;
> }
> ```
For the record this still has problems, like running as running
as root and overwriting system files, or passing a 'URL' that is
actually a curl flag that leads to some other behavior. But
exploiting this at least takes some thought, it's not
https://xkcd.com/327/ easy.
More information about the Digitalmars-d
mailing list