Re: Allowing relative file imports

2009-03-27 Thread Sean Kelly
== Quote from Jarrett Billingsley (jarrett.billings...@gmail.com)'s article > On Fri, Mar 27, 2009 at 2:14 PM, Walter Bright > wrote: > > > > I'm also thinking of adjusting the code generation to reduce the ability to > > take advantage of buffer overflows, even though you shouldn't have buffer >

Re: Allowing relative file imports

2009-03-27 Thread Jarrett Billingsley
On Fri, Mar 27, 2009 at 2:14 PM, Walter Bright wrote: > > I'm also thinking of adjusting the code generation to reduce the ability to > take advantage of buffer overflows, even though you shouldn't have buffer > overflows in D. At least not in debug mode. ;)

Re: Allowing relative file imports

2009-03-27 Thread Walter Bright
Mike Parker wrote: The thing about the JVM, though, is that it runs in a sandbox. Try to access the file system, or to change the display mode, from an applet or WebStart-enabled app. It's not going to happen without the user granting permission. And you know every time the JVM starts up, eithe

Re: Allowing relative file imports

2009-03-27 Thread Walter Bright
grauzone wrote: Conclusion: the compiler doesn't need to be safe. Actually, using a sandbox approach is probably more secure than trying to fix all compiler security issues. I've been reading a bunch of articles on making secure software lately. The consensus is that relying on one aspect to

Re: Allowing relative file imports

2009-03-27 Thread Miles
Jarrett Billingsley wrote: > One, you do not use Javascript as a server-side scripting language. Why not? Server-side JavaScript has existed since 1996. http://www.aptana.com/jaxer/ http://www.modjs.org/

Re: Allowing relative file imports

2009-03-27 Thread Sean Kelly
grauzone wrote: Walter Bright wrote: Georg Wrede wrote: Walter Bright wrote: grauzone wrote: Walter Bright wrote: http://www.comeaucomputing.com lets you upload random C++ code, compile it on their system, and view the messages put out by their compiler. Suppose you did it with D, had it im

Re: Allowing relative file imports

2009-03-27 Thread Mike Parker
Walter Bright wrote: Georg Wrede wrote: I mean, how often do you see web sites where stuff is fed to a C compiler and the resulting programs run? (Yes it's too slow, but that's hardly the point here.) That is simply not done. Consider the Java JVM. You've probably got one installed on you

Re: Allowing relative file imports

2009-03-27 Thread Georg Wrede
Walter Bright wrote: Georg Wrede wrote: Walter Bright wrote: grauzone wrote: Walter Bright wrote: http://www.comeaucomputing.com lets you upload random C++ code, compile it on their system, and view the messages put out by their compiler. Suppose you did it with D, had it import some sensiti

Re: Allowing relative file imports

2009-03-27 Thread grauzone
Walter Bright wrote: Georg Wrede wrote: Walter Bright wrote: grauzone wrote: Walter Bright wrote: http://www.comeaucomputing.com lets you upload random C++ code, compile it on their system, and view the messages put out by their compiler. Suppose you did it with D, had it import some sensiti

Re: Allowing relative file imports

2009-03-27 Thread Walter Bright
Georg Wrede wrote: Walter Bright wrote: There's no reason in principle that D could not be used instead. True. But then, what would happen to the Systems Language image of D in folks' minds, if it is run in a browser, next to Javascript, Java, and who knows what "toy" languages? Would Phobos

Re: Allowing relative file imports

2009-03-27 Thread Walter Bright
Georg Wrede wrote: Walter Bright wrote: grauzone wrote: Walter Bright wrote: http://www.comeaucomputing.com lets you upload random C++ code, compile it on their system, and view the messages put out by their compiler. Suppose you did it with D, had it import some sensitive file, and put it o

Re: Allowing relative file imports

2009-03-27 Thread Georg Wrede
Walter Bright wrote: grauzone wrote: Walter Bright wrote: http://www.comeaucomputing.com lets you upload random C++ code, compile it on their system, and view the messages put out by their compiler. Suppose you did it with D, had it import some sensitive file, and put it out with a pragma msg

Re: Allowing relative file imports

2009-03-27 Thread Georg Wrede
Walter Bright wrote: Georg Wrede wrote: I mean, how often do you see web sites where stuff is fed to a C compiler and the resulting programs run? (Yes it's too slow, but that's hardly the point here.) That is simply not done. Consider the Java JVM. You've probably got one installed on you

Re: Allowing relative file imports

2009-03-26 Thread Walter Bright
grauzone wrote: Walter Bright wrote: http://www.comeaucomputing.com lets you upload random C++ code, compile it on their system, and view the messages put out by their compiler. Suppose you did it with D, had it import some sensitive file, and put it out with a pragma msg statement? Your com

Re: Allowing relative file imports

2009-03-26 Thread grauzone
Walter Bright wrote: Georg Wrede wrote: I mean, how often do you see web sites where stuff is fed to a C compiler and the resulting programs run? (Yes it's too slow, but that's hardly the point here.) That is simply not done. Consider the Java JVM. You've probably got one installed on you

Re: Allowing relative file imports

2009-03-26 Thread Walter Bright
Georg Wrede wrote: I mean, how often do you see web sites where stuff is fed to a C compiler and the resulting programs run? (Yes it's too slow, but that's hardly the point here.) That is simply not done. Consider the Java JVM. You've probably got one installed on your computer. It gets j

Re: Allowing relative file imports

2009-03-26 Thread Georg Wrede
Andrei Alexandrescu wrote: Georg Wrede wrote: Walter Bright wrote: Daniel Keep wrote: It should be noted that this is really no different to executing arbitrary code on a machine. That said, compiling a program is not typically thought of as "executing" code, so some restrictions in this case

Re: Allowing relative file imports

2009-03-26 Thread Christopher Wright
Andrei Alexandrescu wrote: Georg Wrede wrote: Walter Bright wrote: Daniel Keep wrote: It should be noted that this is really no different to executing arbitrary code on a machine. That said, compiling a program is not typically thought of as "executing" code, so some restrictions in this case

Re: Allowing relative file imports

2009-03-26 Thread Christopher Wright
Georg Wrede wrote: As almost everybody else here, I've maintained a couple of websites. Using D to write CGI programs (that are compiled, real binaries) is appealing, but I'd never even think about having the web server itself use the D compiler!!! I mean, how often do you see web sites wher

Re: Allowing relative file imports

2009-03-26 Thread Andrei Alexandrescu
Georg Wrede wrote: Walter Bright wrote: Daniel Keep wrote: It should be noted that this is really no different to executing arbitrary code on a machine. That said, compiling a program is not typically thought of as "executing" code, so some restrictions in this case would probably be prudent.

Re: Allowing relative file imports

2009-03-26 Thread Georg Wrede
Walter Bright wrote: Daniel Keep wrote: It should be noted that this is really no different to executing arbitrary code on a machine. That said, compiling a program is not typically thought of as "executing" code, so some restrictions in this case would probably be prudent. Here's the scenari

Re: Allowing relative file imports

2009-03-25 Thread Daniel Keep
Walter Bright wrote: > Daniel Keep wrote: >> If the code cannot set command-line switches, then there's no >> difference, so let's ignore that case. Let's assume the code CAN set >> switches. There's nothing to stop it doing this: > > It's a lot easier to scrub command line switches than to tr

Re: Allowing relative file imports

2009-03-25 Thread Walter Bright
Daniel Keep wrote: If the code cannot set command-line switches, then there's no difference, so let's ignore that case. Let's assume the code CAN set switches. There's nothing to stop it doing this: It's a lot easier to scrub command line switches than to try to scrub D source code. It's the

Re: Allowing relative file imports

2009-03-25 Thread Daniel Keep
Walter Bright wrote: > Daniel Keep wrote: >> It should be noted that this is really no different to executing >> arbitrary code on a machine. That said, compiling a program is not >> typically thought of as "executing" code, so some restrictions in this >> case would probably be prudent. > > He

Re: Allowing relative file imports

2009-03-25 Thread Jarrett Billingsley
On Wed, Mar 25, 2009 at 2:18 PM, Walter Bright wrote: > > Here's the scenario I'm concerned about. Let's say you set up a website that > instead of supporting javascript, supports D used as a scripting language. > The site thus must run the D compiler on the source code. When it executes > the res

Re: Allowing relative file imports

2009-03-25 Thread Walter Bright
Frank Benoit wrote: Daniel Keep wrote: There have been at least two reports thus far (2103 and 2759) of people attempting to use relative imports with the -J compile-time file import feature. Please note also my posting "Proposal for fixing import("file")" on 14th March in this NG. Should

Re: Allowing relative file imports

2009-03-25 Thread Walter Bright
Daniel Keep wrote: It should be noted that this is really no different to executing arbitrary code on a machine. That said, compiling a program is not typically thought of as "executing" code, so some restrictions in this case would probably be prudent. Here's the scenario I'm concerned about.

Re: Allowing relative file imports

2009-03-25 Thread Daniel Keep
Jarrett Billingsley wrote: > On Wed, Mar 25, 2009 at 8:28 AM, Daniel Keep > wrote: > >> 2. Disallow -J to be the root of any drive or filesystem, and only allow >> -J to be used from the following roots: %USERPROFILE% for Windows and ~ >> for *nix. Possibly, this should be configured or overri

Re: Allowing relative file imports

2009-03-25 Thread Jarrett Billingsley
On Wed, Mar 25, 2009 at 8:28 AM, Daniel Keep wrote: > 2. Disallow -J to be the root of any drive or filesystem, and only allow > -J to be used from the following roots: %USERPROFILE% for Windows and ~ > for *nix.  Possibly, this should be configured or overridable in sc.ini; > an extendible white

Re: Allowing relative file imports

2009-03-25 Thread Frank Benoit
Daniel Keep wrote: > There have been at least two reports thus far (2103 and 2759) of people > attempting to use relative imports with the -J compile-time file import > feature. Please note also my posting "Proposal for fixing import("file")" on 14th March in this NG.

Allowing relative file imports

2009-03-25 Thread Daniel Keep
There seem to have been a few tickets thus far from people wanting to do relative file imports using the -J switch. Walter has stated that this is explicitly disallowed as a defensive measure, which is fine. I was going to post the following as an enhancement request, but I thought it might be be