On Sunday, 10 June 2018 at 19:10:52 UTC, DigitalDesigns wrote:
On Sunday, 10 June 2018 at 14:42:21 UTC, Basile B. wrote:
On Sunday, 10 June 2018 at 01:49:37 UTC, DigitalDesigns wrote:
Please allow -J to specify that all subdirectories are to be
included! I'm having to include all subdirectories of my
library with J because I import each file and extract
information. It would be better to have something like
-JC:\Lib\*
rather than
-JC:\Lib\Internal
-JC:\Lib\Internal\OS
-JC:\Lib\API
-JC:\Lib\API\V1
-JC:\Lib\API\V1\Templates
....
...
..
.
This is opened as an enhancement request now:
https://issues.dlang.org/show_bug.cgi?id=18967. IIRC there was
a security concern mentioned last time this was proposed, not
100% sure.
Yeah, but -J was added for a security concern! So when does the
insanity end?
There's no contradiction nor insanity, you're saying the same
thing he did: -J was added for a security concern.
If it's such a big, e.g., to prevent root access then limit
asterisk usage to non root and maybe only a depth of 3.
After all, if someone wanted access to sensitive areas just do
-JC:\Windows\System32.
At some point one has to stop policing everything.
I'm not entirely sure what the threat model is, but it seems to
me that we're not trying to protect against an user exposing
sensitive areas. We're trying to protect against code that isn't
trusted at compile time. I think the idea is to avoid allowing
someone to import your config file with all passwords at
compile-time so that it can use it or send it later at runtime to
the attacker.
It's not a bad risk to consider but I wonder if that's the best
solution we can find.
