digitalmars.D - D archeology
- Luís Marques (17/17) Dec 20 2013 Hi,
- Jakob Ovrum (5/10) Dec 20 2013 This is not running in a sandbox? And it's running on a *Windows
- Luís Marques (4/8) Dec 20 2013 To be clear, the user provided source code is not run, it is only
- H. S. Teoh (8/18) Dec 20 2013 Well, in that case it's not *as* bad of an idea. :P But still, you want
- Luís Marques (6/13) Dec 20 2013 Yeah. When I started using the "ddb" library for this venture
- Jakob Ovrum (13/23) Dec 20 2013 Oh, right.
- Luís Marques (10/14) Dec 20 2013 Yes, I implemented a timeout of just a few seconds (7s, I think).
- Jakob Ovrum (7/16) Dec 20 2013 Ah, right - CTFE is indeed not time limited, only has a recursion
- H. S. Teoh (21/25) Dec 20 2013 CTFE is self-limiting? Is there an internal timeout? I mean, what stops
- Luís Marques (3/11) Dec 20 2013 I am indeed using -c, but unfortunately early versions of DMD do
- H. S. Teoh (12/19) Dec 20 2013 [...]
- Luís Marques (4/12) Dec 20 2013 I'm not passing -J to DMD, so I can't see how that would work.
- Luís Marques (2/5) Dec 20 2013 Ahh, I misunderstood you. I'll check it.
- Luís Marques (9/13) Dec 20 2013 It fails to import the source code for the test file, so I guess
- H. S. Teoh (9/21) Dec 20 2013 Yeah, this is a very bad idea. This forum is open to the public
- yazd (3/3) Dec 21 2013 There is something weird.
- Jakob Ovrum (3/6) Dec 21 2013 It has always worked for slices. The recent change expanded it to
- yazd (4/10) Dec 21 2013 I didn't know that.
- Daniel Murphy (6/14) Dec 21 2013
- Jacob Carlborg (4/19) Dec 21 2013 This is really cool :)
Hi,

My memory of the timeline of D features is quite fuzzy, so I created a service to test snippets of D source code with *all* of the DMD versions publicly available. Right now the service is *very* in the rough and the UI is butt ugly (it just outputs the raw results), but it seems to be working. Give it a try, to fill it with some data and start exposing the bugs:

http://www.luismarques.eu/d/archeology

I haven't yet secured the client which does the tests, and I imagine that the old DMD versions are full of vulnerabilities, so please don't be a jerk :-) (I hope the client doesn't die, I left it running at work, as I don't have a Windows machine set up at home).

Thanks to Adam "Destructinator" Ruppe, for fixing the bugs I encountered in the ddb library (PostgreSQL lib).

Luís
Dec 20 2013
On Saturday, 21 December 2013 at 00:22:23 UTC, Luís Marques wrote:
> I haven't yet secured the client which does the tests, and I imagine that the old DMD versions are full of vulnerabilities, so please don't be a jerk :-) (I hope the client doesn't die, I left it running at work, as I don't have a Windows machine set up at home).

This is not running in a sandbox? And it's running on a *Windows machine*? I really recommend you take it down. Someone will come around and infect your work network, it's just a matter of time.
Dec 20 2013
On Saturday, 21 December 2013 at 00:47:49 UTC, Jakob Ovrum wrote:
> This is not running in a sandbox? And it's running on a *Windows machine*? I really recommend you take it down. Someone will come around and infect your work network, it's just a matter of time.

To be clear, the user-provided source code is not run, it is only compiled. Do you really think I should take it down? (They would have to read this post, go find a DMD exploit, etc.)
Dec 20 2013
On Sat, Dec 21, 2013 at 01:54:49AM +0100, digitalmars-d-bounces puremagic.com wrote:
> On Saturday, 21 December 2013 at 00:47:49 UTC, Jakob Ovrum wrote:
>> This is not running in a sandbox? And it's running on a *Windows machine*? I really recommend you take it down. Someone will come around and infect your work network, it's just a matter of time.
> To be clear, the user-provided source code is not run, it is only compiled. Do you really think I should take it down? (They would have to read this post, go find a DMD exploit, etc.)

Well, in that case it's not *as* bad of an idea. :P But still, you want to be careful any time arbitrary, unfiltered user input is involved, especially when said user input is code (the executable may not be run, but remember that D code has CTFE).

T

--
Unix was not designed to stop people from doing stupid things, because that would also stop them from doing clever things. -- Doug Gwyn
Dec 20 2013
On Saturday, 21 December 2013 at 01:03:32 UTC, H. S. Teoh wrote:
> Well, in that case it's not *as* bad of an idea. :P But still, you want to be careful any time arbitrary, unfiltered user input is involved, especially when said user input is code (the executable may not be run, but remember that D code has CTFE).

Yeah. When I started using the "ddb" library for this venture, textual query parameters were unimplemented. I declined to use the suggested workaround of query string concatenation; now *that* would be really dangerous :-)

Once again, thanks to Adam Ruppe for making those work.
Dec 20 2013
On Saturday, 21 December 2013 at 00:54:52 UTC, Luís Marques wrote:
> On Saturday, 21 December 2013 at 00:47:49 UTC, Jakob Ovrum wrote:
>> This is not running in a sandbox? And it's running on a *Windows machine*? I really recommend you take it down. Someone will come around and infect your work network, it's just a matter of time.
> To be clear, the user-provided source code is not run, it is only compiled. Do you really think I should take it down? (They would have to read this post, go find a DMD exploit, etc.)

Oh, right.

Well, then it does become a lot harder to exploit, but DMD being a C++ project it might be prone to security flaws, especially in past versions (I'm not very familiar with the DMD codebase, so can't say for sure). Make sure you don't link the executables at least, so DMD is the only point of failure. I would use "-c -o-". It becomes security through obscurity - who would want to rummage through past versions of DMD's source code?

Anyway, I know for a fact that one can easily make DMD go into an infinite loop in various ways, so you'd have to implement some kind of timeout (not talking about CTFE here, which I think is self-limiting).
Dec 20 2013
On Saturday, 21 December 2013 at 01:14:05 UTC, Jakob Ovrum wrote:
> Anyway, I know for a fact that one can easily make DMD go into an infinite loop in various ways, so you'd have to implement some kind of timeout (not talking about CTFE here, which I think is self-limiting).

Yes, I implemented a timeout of just a few seconds (7s, I think). It's short so that it doesn't take too long to test with all the compiler versions. I actually tested that the template recursion is limited (500) but not CTFE (at least in my check of that it was still executing after about 15 minutes). That's also why there is already a test called "infinite CTFE", I wanted to make sure that a DOS could not be achieved with a single test case (but is still easy at the moment, since I don't have rate limiting ;))
Dec 20 2013
On Saturday, 21 December 2013 at 01:19:46 UTC, Luís Marques wrote:
> Yes, I implemented a timeout of just a few seconds (7s, I think). It's short so that it doesn't take too long to test with all the compiler versions. I actually tested that the template recursion is limited (500) but not CTFE (at least in my check of that it was still executing after about 15 minutes). That's also why there is already a test called "infinite CTFE", I wanted to make sure that a DOS could not be achieved with a single test case (but is still easy at the moment, since I don't have rate limiting ;))

Ah, right - CTFE is indeed not time limited, only has a recursion limit I think. A limit imposed directly in the compiler would do more harm than good, so it's perfectly understandable.

Assuming you're invoking DMD as a shell command - make sure no user input ends up in the shell command, like the name of the test etc.
Dec 20 2013
On Sat, Dec 21, 2013 at 02:13:21AM +0100, Jakob Ovrum wrote:
[...]
> Anyway, I know for a fact that one can easily make DMD go into an infinite loop in various ways, so you'd have to implement some kind of timeout (not talking about CTFE here, which I think is self-limiting).

CTFE is self-limiting? Is there an internal timeout? I mean, what stops one from doing something like:

    enum x = ctfeFunc();
    int ctfeFunc() {
        int i=1;
        while (i != 0) {
            i++;
            if (i > 5) i = 1;
        }
        return i;
    }

which would never terminate (neither will it consume memory or create objects, so you have to solve the halting problem to know whether it will terminate)?

T

--
Meat: euphemism for dead animal. -- Flora
Dec 20 2013
On Saturday, 21 December 2013 at 01:14:05 UTC, Jakob Ovrum wrote:
> Well, then it does become a lot harder to exploit, but DMD being a C++ project it might be prone to security flaws, especially in past versions (I'm not very familiar with the DMD codebase, so can't say for sure). Make sure you don't link the executables at least, so DMD is the only point of failure. I would use "-c -o-". It becomes security through obscurity - who would want to rummage through past versions of DMD's source code?

I am indeed using -c, but unfortunately early versions of DMD do not have -o-
Dec 20 2013
On Sat, Dec 21, 2013 at 02:13:21AM +0100, Jakob Ovrum wrote:
[...]
> Well, then it does become a lot harder to exploit, but DMD being a C++ project it might be prone to security flaws, especially in past versions (I'm not very familiar with the DMD codebase, so can't say for sure). Make sure you don't link the executables at least, so DMD is the only point of failure. I would use "-c -o-". It becomes security through obscurity - who would want to rummage through past versions of DMD's source code?
[...]

Has DMD always had -J for string imports? 'cos if not, I'd be fearful of somebody using string imports to view the contents of arbitrary files.

    string x = import("/etc/passwd");
    pragma(msg, x);
    // or trigger a compile error that generates a message
    // containing the contents of x.

T

--
Computers aren't intelligent; they only think they are.
Dec 20 2013
On Saturday, 21 December 2013 at 01:33:53 UTC, H. S. Teoh wrote:
> Has DMD always had -J for string imports? 'cos if not, I'd be fearful of somebody using string imports to view the contents of arbitrary files.
>
>     string x = import("/etc/passwd");
>     pragma(msg, x);
>     // or trigger a compile error that generates a message
>     // containing the contents of x.

I'm not passing -J to DMD, so I can't see how that would work. Also, I'm not returning to the server any output from DMD, other than the return code (success / failure).
Dec 20 2013
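The precautions discussed in the posts above (compile only with "-c -o-", no -J, a short timeout, no user input in the command line, only success/failure returned), combined in one runner. This is an added example, not code from the thread or from the service; the function name `compile_snippet`, the size limit and a `dmd` binary on PATH are assumptions.

```python
import os
import subprocess
import tempfile

# Fixed argument vector: compile only, write no object file, and never pass -J,
# so string imports stay disabled. "dmd" on PATH is an assumption; the thread
# notes that early DMD versions lack -o-.
DMD_ARGV = ("dmd", "-c", "-o-")
TIMEOUT_SECONDS = 7            # the thread's "7s, I think"
MAX_SOURCE_BYTES = 64 * 1024   # constructed limit, not from the thread


def compile_snippet(source, compiler_argv=DMD_ARGV, timeout=TIMEOUT_SECONDS):
    """Compile untrusted source; return 'success', 'failure', 'timeout' or 'rejected'."""
    data = source.encode("utf-8")
    if len(data) > MAX_SOURCE_BYTES:
        return "rejected"
    with tempfile.TemporaryDirectory() as workdir:
        # The file name is chosen by the service, never derived from the
        # test name or any other user-supplied string.
        path = os.path.join(workdir, "snippet.d")
        with open(path, "wb") as f:
            f.write(data)
        try:
            proc = subprocess.run(
                list(compiler_argv) + [path],  # argv list: no shell is involved
                cwd=workdir,
                stdin=subprocess.DEVNULL,
                stdout=subprocess.DEVNULL,     # compiler output is discarded,
                stderr=subprocess.DEVNULL,     # so pragma(msg) text goes nowhere
                timeout=timeout,               # stops non-terminating CTFE
            )
        except subprocess.TimeoutExpired:
            return "timeout"                   # run() has already killed the child
        except OSError:
            return "failure"                   # compiler binary missing or not runnable
    return "success" if proc.returncode == 0 else "failure"
```

This covers the command-line and resource points raised in the thread; a memory-corruption bug in an old compiler still executes with the runner's privileges, which is what the sandbox advice addresses.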
On Saturday, 21 December 2013 at 01:42:34 UTC, Luís Marques wrote:
> I'm not passing -J to DMD, so I can't see how that would work. Also, I'm not returning to the server any output from DMD, other than the return code (success / failure).

Ahh, I misunderstood you. I'll check it.
Dec 20 2013
On Saturday, 21 December 2013 at 01:33:53 UTC, H. S. Teoh wrote:
> Has DMD always had -J for string imports? 'cos if not, I'd be fearful of somebody using string imports to view the contents of arbitrary files.

It fails to import the source code for the test file, so I guess it's safe?

http://www.luismarques.eu/d/archeology/EAAF3C6C36A7C00F9A003EAD7C02789853389539
http://www.luismarques.eu/d/archeology/A75AEA5BBAFC3DED20BCAAF12E0C5664F1F09E1B

(I had assumed string imports always had -J because that was the only option that made sense, and Walter is competent :-)
Dec 20 2013
On Sat, Dec 21, 2013 at 01:47:39AM +0100, Jakob Ovrum wrote:
> On Saturday, 21 December 2013 at 00:22:23 UTC, Luís Marques wrote:
>> I haven't yet secured the client which does the tests, and I imagine that the old DMD versions are full of vulnerabilities, so please don't be a jerk :-) (I hope the client doesn't die, I left it running at work, as I don't have a Windows machine set up at home).
> This is not running in a sandbox? And it's running on a *Windows machine*? I really recommend you take it down. Someone will come around and infect your work network, it's just a matter of time.

Yeah, this is a very bad idea. This forum is open to the public Internet; your message could be seen by people who you might not want to know about your server. You'll get hacked. You really need to run it inside a sandbox and/or set up user authentication before posting it to the public Internet.

T

--
Never trust an operating system you don't have source for! -- Martin Schulze
Dec 20 2013
There is something weird. How does UFCS compile since the earliest versions? http://www.luismarques.eu/d/archeology/56CDCBDBE4688E996548A3F39E63843ADEFBF570
Dec 21 2013
On Saturday, 21 December 2013 at 10:20:58 UTC, yazd wrote:
> There is something weird. How does UFCS compile since the earliest versions? http://www.luismarques.eu/d/archeology/56CDCBDBE4688E996548A3F39E63843ADEFBF570

It has always worked for slices. The recent change expanded it to work with any type.
Dec 21 2013
On Saturday, 21 December 2013 at 10:34:20 UTC, Jakob Ovrum wrote:
> On Saturday, 21 December 2013 at 10:20:58 UTC, yazd wrote:
>> There is something weird. How does UFCS compile since the earliest versions? http://www.luismarques.eu/d/archeology/56CDCBDBE4688E996548A3F39E63843ADEFBF570
> It has always worked for slices. The recent change expanded it to work with any type.

I didn't know that.

This looks useful in the long run, especially with the bootstrapping of the compiler.
Dec 21 2013
"Luís Marques" <luis luismarques.eu> wrote in message news:lwzpootzzqxwbpcextiu forum.dlang.org...
> Hi,
>
> My memory of the timeline of D features is quite fuzzy, so I created a service to test snippets of D source code with *all* of the DMD versions publicly available. Right now the service is *very* in the rough and the UI is butt ugly (it just outputs the raw results), but it seems to be working. Give it a try, to fill it with some data and start exposing the bugs:
>
> http://www.luismarques.eu/d/archeology

This is pretty cool. I've wanted something like this integrated with the test suite and bugzilla to automatically find duplicates fixed and track regressions.
Dec 21 2013
On 2013-12-21 01:22, "Luís Marques" <luis luismarques.eu> wrote:
> Hi,
>
> My memory of the timeline of D features is quite fuzzy, so I created a service to test snippets of D source code with *all* of the DMD versions publicly available. Right now the service is *very* in the rough and the UI is butt ugly (it just outputs the raw results), but it seems to be working. Give it a try, to fill it with some data and start exposing the bugs:
>
> http://www.luismarques.eu/d/archeology
>
> I haven't yet secured the client which does the tests, and I imagine that the old DMD versions are full of vulnerabilities, so please don't be a jerk :-) (I hope the client doesn't die, I left it running at work, as I don't have a Windows machine set up at home).
>
> Thanks to Adam "Destructinator" Ruppe, for fixing the bugs I encountered in the ddb library (PostgreSQL lib).
>
> Luís

This is really cool :)

--
/Jacob Carlborg
Dec 21 2013