Walter Bright wrote:
Georg Wrede wrote:
Walter Bright wrote:
grauzone wrote:
Walter Bright wrote:
http://www.comeaucomputing.com lets you upload random C++ code,
compile it on their system, and view the messages put out by their
compiler. Suppose you did it with D, had it import some sensitive
file, and put it out with a pragma msg statement?
Your compiler can do the same:
http://codepad.org/hWC9hbPQ
That's awesome!
And the system seems protected, too: http://codepad.org/mzAgmvZZ
And I'll raise you: http://codepad.org/bp5nsprd
Not that I'm discussing against the import -J switch, but the compiler
is also running inside a sandbox. At least it looks like:
http://codepad.org/ZGON3u56
(my interpretation: compiler crashes inside the sandbox)
Conclusion: the compiler doesn't need to be safe. Actually, using a
sandbox approach is probably more secure than trying to fix all compiler
security issues.
