Re: D archeology

2013-12-21 Thread yazd
On Saturday, 21 December 2013 at 10:34:20 UTC, Jakob Ovrum wrote: On Saturday, 21 December 2013 at 10:20:58 UTC, yazd wrote: There is something weird. How does UFCS compile since the earliest versions? http://www.luismarques.eu/d/archeology/56CDCBDBE4688E996548A3F39E63843ADEFBF570 It has

Re: D archeology

2013-12-21 Thread Jacob Carlborg
t ugly (it just outputs the raw results), but it seems to be working. Give it a try, to fill it with some data and start exposing the bugs: http://www.luismarques.eu/d/archeology I haven't yet secured the client which does the tests, and I imagine that the old DMD versions are full of vulner

Re: D archeology

2013-12-21 Thread Daniel Murphy
MD versions
> publicly available.
>
> Right now the service is *very* in the rough and the UI is butt ugly (it
> just outputs the raw results), but it seems to be working. Give it a try,
> to fill it with some data and start exposing the bugs:
>
> http://www.luismarques.eu/d/arc

Re: D archeology

2013-12-21 Thread Jakob Ovrum
On Saturday, 21 December 2013 at 10:20:58 UTC, yazd wrote: There is something weird. How does UFCS compile since the earliest versions? http://www.luismarques.eu/d/archeology/56CDCBDBE4688E996548A3F39E63843ADEFBF570 It has always worked for slices. The recent change expanded it to work with

Re: D archeology

2013-12-21 Thread yazd
There is something weird. How does UFCS compile since the earliest versions? http://www.luismarques.eu/d/archeology/56CDCBDBE4688E996548A3F39E63843ADEFBF570

Re: D archeology

2013-12-20 Thread Luís.Marques
it's safe? http://www.luismarques.eu/d/archeology/EAAF3C6C36A7C00F9A003EAD7C02789853389539 http://www.luismarques.eu/d/archeology/A75AEA5BBAFC3DED20BCAAF12E0C5664F1F09E1B (I had assumed string imports always had -J because that was the only option that made sense, and Walter is competent :-)

Re: D archeology

2013-12-20 Thread Luís.Marques
On Saturday, 21 December 2013 at 01:42:34 UTC, Luís Marques wrote: I'm not passing -J to DMD, so I can't see how that would work. Also, I'm not returning to the server any output from DMD, other than the return code (success / failure). Ahh, I misunderstood you. I'll check it.

Re: D archeology

2013-12-20 Thread Luís.Marques
On Saturday, 21 December 2013 at 01:33:53 UTC, H. S. Teoh wrote: Has DMD always had -J for string imports? 'cos if not, I'd be fearful of somebody using string imports to view the contents of arbitrary files. string x = import("/etc/passwd"); pragma(msg, x); // or trigg

Re: D archeology

2013-12-20 Thread H. S. Teoh
On Sat, Dec 21, 2013 at 02:13:21AM +0100, Jakob Ovrum wrote:
[...]
> Well, then it does become a lot harder to exploit, but DMD being a
> C++ project it might be prone to security flaws, especially in past
> versions (I'm not very familiar with the DMD codebase, so can't say
> for sure). Make sure

Re: D archeology

2013-12-20 Thread Luís.Marques
On Saturday, 21 December 2013 at 01:14:05 UTC, Jakob Ovrum wrote: Well, then it does become a lot harder to exploit, but DMD being a C++ project it might be prone to security flaws, especially in past versions (I'm not very familiar with the DMD codebase, so can't say for sure). Make sure you d

Re: D archeology

2013-12-20 Thread Jakob Ovrum
On Saturday, 21 December 2013 at 01:19:46 UTC, Luís Marques wrote: Yes, I implemented a timeout of just a few seconds (7s, I think). It's short so that it doesn't take too long to test with all the compiler versions. I actually tested that the template recursion is limited (500) but not CTFE (a

Re: D archeology

2013-12-20 Thread H. S. Teoh
On Sat, Dec 21, 2013 at 02:13:21AM +0100, Jakob Ovrum wrote:
[...]
> Anyway, I know for a fact that one can easily make DMD go into an
> infinite loop in various ways, so you'd have to implement some kind
> of timeout (not talking about CTFE here, which I think is
> self-limiting).

CTFE is self-li

Re: D archeology

2013-12-20 Thread Luís.Marques
On Saturday, 21 December 2013 at 01:14:05 UTC, Jakob Ovrum wrote: Anyway, I know for a fact that one can easily make DMD go into an infinite loop in various ways, so you'd have to implement some kind of timeout (not talking about CTFE here, which I think is self-limiting). Yes, I implemented

Re: D archeology

2013-12-20 Thread Luís.Marques
On Saturday, 21 December 2013 at 01:03:32 UTC, H. S. Teoh wrote: Well, in that case it's not *as* bad of an idea. :P But still, you want to be careful any time arbitrary, unfiltered user input is involved, especially when said user input is code (the executable may not be run, but remember th

Re: D archeology

2013-12-20 Thread Jakob Ovrum
On Saturday, 21 December 2013 at 00:54:52 UTC, Luís Marques wrote: On Saturday, 21 December 2013 at 00:47:49 UTC, Jakob Ovrum wrote: This is not running in a sandbox? And it's running on a *Windows machine*? I really recommend you take it down. Someone will come around and infect your work ne

Re: D archeology

2013-12-20 Thread H. S. Teoh
On Sat, Dec 21, 2013 at 01:54:49AM +0100, digitalmars-d-boun...@puremagic.com wrote:
> On Saturday, 21 December 2013 at 00:47:49 UTC, Jakob Ovrum wrote:
> >This is not running in a sandbox? And it's running on a *Windows
> >machine*?
> >
> >I really recommend you take it down. Someone will come ar

Re: D archeology

2013-12-20 Thread H. S. Teoh
On Sat, Dec 21, 2013 at 01:47:39AM +0100, Jakob Ovrum wrote:
> On Saturday, 21 December 2013 at 00:22:23 UTC, Luís Marques wrote:
> >I haven't yet secured the client which does the tests, and I
> >imagine that the old DMD versions are full of vulnerabilities, so
> >please don't be a jerk :-) (I hop

Re: D archeology

2013-12-20 Thread Luís.Marques
On Saturday, 21 December 2013 at 00:47:49 UTC, Jakob Ovrum wrote: This is not running in a sandbox? And it's running on a *Windows machine*? I really recommend you take it down. Someone will come around and infect your work network, it's just a matter of time. To be clear, the user provided

Re: D archeology

2013-12-20 Thread Jakob Ovrum
On Saturday, 21 December 2013 at 00:22:23 UTC, Luís Marques wrote: I haven't yet secured the client which does the tests, and I imagine that the old DMD versions are full of vulnerabilities, so please don't be a jerk :-) (I hope the client doesn't die, I left it running at work, as I don't have

D archeology

2013-12-20 Thread Luís.Marques
working. Give it a try, to fill it with some data and start exposing the bugs: http://www.luismarques.eu/d/archeology I haven't yet secured the client which does the tests, and I imagine that the old DMD versions are full of vulnerabilities, so please don't be a jerk :-) (