https://issues.dlang.org/show_bug.cgi?id=15584
[email protected] changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #2 from [email protected] --- I understand you're asking for dmd to replace the link, or maybe fail with an error message, instead of writing through the link. Not an unreasonable request, but is there really a strong expectation that programs don't write through symlinks, so that this is surprising behavior? After all, the victim has to set up the symlink. If the attacker could set it up, they could just overwrite untouchable directly. For what it's worth, gcc seems to behave like dmd: ---- $ touch untouchable $ ln -s untouchable a.out $ cat > test.c << code #include <stdio.h> int main() {printf("owned\n"); return 0;} code $ gcc test.c $ ./untouchable owned ---- So maybe it's actually more expected that symlinks are followed, and not replaced. --
