https://issues.dlang.org/show_bug.cgi?id=15584

--- Comment #10 from Cédric Picard <cpic...@openmailbox.org> ---
(In reply to Ketmar Dark from comment #9)
> which, of course, can be caused by many other reasons. like, for example,
> remounting (rebinding) output point (which can be caused by some external
> condition, of course). so should we check for mount binds? and if we should,
> what should be considered "safe"? absence of binds? but why?
> 
> that's why i think that such checks are curing the symptoms, and of little
> importance.
>
> it's not the compiler task to check file paths, it's a task of tar/git/etc
> — the program that was used to unpack the archive.

I don't think so, packing links is totally normal, following them without
question but only sometimes isn't.

> and if the user managed
> to create such weird environment... well, it's time to fix the user, not
> the compiler. ;-)
> 
> btw, aren't creating executables done by "ld"? so it looks like "ld" bug,
> not dmd.

Fair point.

> > > anyway: let it be of "normal" severity then?
> > I leave that point to your discretion. I'm a security guy, every
> > vulnerability allowing remote access is critical for me, but it's the
> > developer's job to decide whether it fits their security model or not.
> i'm not a dmd developer too. ;-) yet while it's surely a security flaw, for
> me dmd is the wrong place where one should try to solve it.
