digitalmars.D.bugs - [Issue 989] New: Security hole

d-bugmail puremagic.com (13/13) Feb 21 2007 http://d.puremagic.com/issues/show_bug.cgi?id=989

d-bugmail puremagic.com (4/4) Feb 21 2007 http://d.puremagic.com/issues/show_bug.cgi?id=989
d-bugmail puremagic.com (6/6) Feb 21 2007 http://d.puremagic.com/issues/show_bug.cgi?id=989
d-bugmail puremagic.com (9/9) Mar 19 2007 http://d.puremagic.com/issues/show_bug.cgi?id=989

d-bugmail puremagic.com writes:

http://d.puremagic.com/issues/show_bug.cgi?id=989

           Summary: Security hole
           Product: D
           Version: 1.007
          Platform: PC
        OS/Version: Windows
            Status: NEW
          Severity: normal
          Priority: P2
         Component: DMD
        AssignedTo: bugzilla digitalmars.com
        ReportedBy: maxter i.com.ua





--

Feb 21 2007

d-bugmail puremagic.com writes:

http://d.puremagic.com/issues/show_bug.cgi?id=989






A bit more information would probably be helpful...


--

Feb 21 2007

d-bugmail puremagic.com writes:

http://d.puremagic.com/issues/show_bug.cgi?id=989






Sorry, I just pushed the wrong button. The issue is that import() allows to
escape to -Jpath's parent directories if "../" is used in import file name. But
please don't disallow relative paths to subdirectories of -Jpath.


--

Feb 21 2007

d-bugmail puremagic.com writes:

http://d.puremagic.com/issues/show_bug.cgi?id=989


bugzilla digitalmars.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED





This is disallowed in 1.009.


--

Mar 19 2007

D Programming

C/C++ Programming

Other

digitalmars.D.bugs - [Issue 989] New: Security hole