On Thursday, 3 March 2016 at 09:33:38 UTC, Johannes Pfau wrote:
> The rest of this list sounds quite good, but please reconsider automatically opening files: https://media.ccc.de/v/32c3-7130-the_perl_jam_2
>
> I guess the scenario can't happen in D as our open file methods won't execute programs (!) but still....

I think we're safe:

msl@james:~/d/argon$ perl -wE 'open my $fh, "ls |" or die; print for (<$fh>)[0..2]'
argon
argon.d
argon.html
msl@james:~/d/argon$ rdmd --eval='try auto f = std.stdio.File("ls |", "r"); catch (Exception e) e.msg.writeln'
Cannot open file `ls |' in mode `r' (No such file or directory)
msl@james:~/d/argon$

Of course, if you can demonstrate a vulnerability, I'll certainly fix it.

Markus
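
The contrast in the session above comes from Perl's two-argument open parsing the mode out of the name string. This added example (not part of the original post) passes the same name to the two-argument form and to the three-argument form, which treats the name literally, as the D call does; the scratch directory and file contents are constructed for the illustration.

```perl
#!/usr/bin/env perl
# Added example: one untrusted name, two forms of open().
use strict;
use warnings;
use File::Temp qw(tempdir);

# Work in a scratch directory so relative names are predictable.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir: $!";

# Constructed input: the name used in the post, as it could arrive from argv.
my $name = "ls |";

# Create a real file with exactly that name, plus one other file.
for my $f ($name, "marker.txt") {
    open(my $out, '>', $f) or die "create '$f': $!";
    print {$out} "contents of the file named '$f'\n";
    close $out;
}

# Read everything from a handle and return it as one comma-separated string.
sub slurp {
    my ($fh) = @_;
    chomp(my @lines = <$fh>);
    close $fh;
    return join(", ", @lines);
}

# Two-argument open: the trailing "|" is taken as a mode, so the rest of the
# string is run as a command and its output is what gets read.
if (open(my $fh, $name)) {
    print "2-arg open read: ", slurp($fh), "\n";
} else {
    print "2-arg open failed: $!\n";
}

# Three-argument open: the mode is a separate argument, so the name is only
# ever a file name and the file created above is what gets read.
if (open(my $fh, '<', $name)) {
    print "3-arg open read: ", slurp($fh), "\n";
} else {
    print "3-arg open failed: $!\n";
}

chdir '/';    # leave the scratch directory before it is cleaned up
```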
