www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 989] New: Security hole

reply d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=989

           Summary: Security hole
           Product: D
           Version: 1.007
          Platform: PC
        OS/Version: Windows
            Status: NEW
          Severity: normal
          Priority: P2
         Component: DMD
        AssignedTo: bugzilla digitalmars.com
        ReportedBy: maxter i.com.ua





-- 
Feb 21 2007
next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=989






A bit more information would probably be helpful...


-- 
Feb 21 2007
prev sibling next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=989






Sorry, I just pushed the wrong button. The issue is that import() allows to
escape to -Jpath's parent directories if "../" is used in import file name. But
please don't disallow relative paths to subdirectories of -Jpath.


-- 
Feb 21 2007
prev sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=989


bugzilla digitalmars.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED





This is disallowed in 1.009.


-- 
Mar 19 2007