W dniu 13.07.2013 09:13, Walter Bright pisze:
On 7/12/2013 11:52 PM, BLM768 wrote:
On Saturday, 13 July 2013 at 04:23:56 UTC, Walter Bright wrote:
A big problem with it would be the equivalent of the "SQL Injection
Exploit".
Since the compiler can now execute arbitrary code, someone passing
around
malicious source code could do anything to your system.
Assuming that the user is compiling the code in order to run it (which
does seem
to be the most common case, at least in my experience), the user is
already
running arbitrary code. I don't really see how this would create a
greater
security risk than what already exists.
People can be endlessly creative at this kind of thing. I'm not at all
sure you and I have thought of every possible exploit.
Use sandboxing. On Linux it's easy:
http://en.wikipedia.org/wiki/Seccomp. But, it could be difficult to
create cross-platform solution.
