www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 2103] New: import expression with relative path fails on Linux

reply d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=2103

           Summary: import expression with relative path fails on Linux
           Product: D
           Version: 1.028
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: DMD
        AssignedTo: bugzilla digitalmars.com
        ReportedBy: wbaxter gmail.com


This fails using dmd/dsss on Linux even when -J. is specified.

   string code = import("relative/file.txt");

Assuming your main.d is in . and there exists a file ./relative/file.txt.  It
should look relative to the current dir but for some reason it does not work on
Linux.  Works fine on Windows though.

Making a symlink and importing "file.txt" instead is a workaround: 
   ln -s relative/file.txt ./file.txt


--
May 12 2008
next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=2103


cslush gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cslush gmail.com





*** Bug 2759 has been marked as a duplicate of this bug. ***


--
Mar 24 2009
prev sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=2103


bugzilla digitalmars.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID





It works on Windows because of a bug where '/' was not recognized as a
directory separator.

The reason for the restriction against paths in the imports is to prevent
remote execution exploits. Consider where compiling is done on a remote machine
over a network. The remote machine needs to have control over what directory
the import can read files from, otherwise there's a potential vector for
attack.

If you need to have multiple directories, they can all be specified on the
command line as a list. I'm going to mark this as invalid as it is a deliberate
design choice. You can reopen it as an enhancement request if you prefer, but
I'll need convincing that relative paths don't leave a hole where an attacker
could potentially try to read any file in the system.

I figured it was best to be secure rather than sorry.


--
Mar 25 2009