digitalmars.D.bugs - [Issue 21234] New: Import expression can read files outside of -J
- d-bugmail puremagic.com (88/93) Sep 10 2020 https://issues.dlang.org/show_bug.cgi?id=21234
d-bugmail puremagic.com https://issues.dlang.org/show_bug.cgi?id=21234 Issue ID: 21234 Summary: Import expression can read files outside of -J path in case of symlink/hardlink Product: D Version: D2 Hardware: x86 OS: All Status: NEW Severity: normal Priority: P1 Component: dmd Assignee: nobody puremagic.com Reporter: andrey.zherikov gmail.com I did 4 tests to understand how symlinks and hardlinks are treated on Posix (Ubuntu 20.04 in my case) and Windows (Windows 10 build 19041.450) inside -J path. The results are: - If a hardlink points to outside of -J path then import("file") reads it on both Windows and Posix; - If a symlink points to outside of -J path then import("file") reads it on Windows and rejects on Posix. So this brings up few questions: - Should there be a parity between Windows and Posix in treating of symlinks? - Should there be a parity in treating of symlinks and hardlinks? - What are security concerns to disallow symlinks to external files on Posix? Is it feasible to remove this restriction to make it consistent across platforms? - Should DMD reject hardlinks that point outside of -J path? (I'm not sure that it's easy to implement or even possible) - Does providing -J option to DMD mean user's consent to use the content of specified directory regardless to the type of this content? There is legitimate use case IMO when one creates a "working" directory to be passed to -J option that intentionally contains symlinks to external files (e.g. specific files in some git repo). (See references [1] and [2] regarding symlink/hardlink support on Windows) Testcase used here: ====== test.d void main() { pragma(msg, import("file")); } ====== file hello ====== Steps to reproduce: symlink on Ubuntu ====== $ rm -rf foo/; mkdir foo; ln -s ../file foo/file $ ls -li file foo/file 74551 -rwxr--r-- 2 andrey andrey 6 Sep 10 04:43 file 73336 lrwxrwxrwx 1 andrey andrey 7 Sep 10 06:12 foo/file -> ../file $ dmd -Jfoo -run test.d test.d(3): Error: file "file" cannot be found or not in a path specified with -J test.d(3): while evaluating pragma(msg, import("file")) ====== Steps to reproduce: hardlink on Ubuntu ====== $ rm -rf foo/; mkdir foo; ln file foo/file $ ls -li file foo/file 74551 -rwxr--r-- 3 andrey andrey 6 Sep 10 04:43 file 74551 -rwxr--r-- 3 andrey andrey 6 Sep 10 04:43 foo/file $ dmd -Jfoo -run test.d hello ====== Steps to reproduce: symlink on Windows (use cmd in admin mode) ======rmdir /s /q foo & mkdir foo & mklink foo\file ..\filesymbolic link created for foo\file <<===>> ..\filedir file foo\fileDirectory of C:\link-test 09/10/2020 05:08 AM 6 file Directory of C:\link-test\foo 09/10/2020 06:21 AM <SYMLINK> file [..\file]dmd -Jfoo -run test.dhello ====== Steps to reproduce: hardlink on Windows (use cmd in admin mode) ======rmdir /s /q foo & mkdir foo & mklink /h foo\file fileHardlink created for foo\file <<===>> filedir file foo\fileDirectory of C:\link-test 09/10/2020 05:08 AM 6 file Directory of C:\link-test\foo 09/10/2020 05:08 AM 6 file C:\link-test>dmd -Jfoo -run test.d hello ====== References: [1] https://docs.microsoft.com/en-us/windows/win32/fileio/hard-links-and-junctions [2] https://docs.microsoft.com/en-us/windows/win32/fileio/symbolic-links --
Sep 10 2020