Walter Bright wrote: > Daniel Keep wrote: >> If the code cannot set command-line switches, then there's no >> difference, so let's ignore that case. Let's assume the code CAN set >> switches. There's nothing to stop it doing this: > > It's a lot easier to scrub command line switches than to try to scrub D > source code. It's the server that runs dmd, not the client. > > The rest of your proposal may be tight, I don't really know. I do wish > to keep it, however, as simple as possible and the current scheme does > that.
Sorry, poor choice of words. I should have said "Let's assume a malicious party who either provided the code or knows how to exploit the code can set switches." I'm not proposing scrubbing the source in any way. -- Daniel
