digitalmars.D.bugs - [Issue 989] New: Security hole
- d-bugmail puremagic.com (13/13) Feb 21 2007 http://d.puremagic.com/issues/show_bug.cgi?id=989
- d-bugmail puremagic.com (4/4) Feb 21 2007 http://d.puremagic.com/issues/show_bug.cgi?id=989
- d-bugmail puremagic.com (6/6) Feb 21 2007 http://d.puremagic.com/issues/show_bug.cgi?id=989
- d-bugmail puremagic.com (9/9) Mar 19 2007 http://d.puremagic.com/issues/show_bug.cgi?id=989
http://d.puremagic.com/issues/show_bug.cgi?id=989
Summary: Security hole
Product: D
Version: 1.007
Platform: PC
OS/Version: Windows
Status: NEW
Severity: normal
Priority: P2
Component: DMD
AssignedTo: bugzilla digitalmars.com
ReportedBy: maxter i.com.ua
--
Feb 21 2007
d-bugmail puremagic.com http://d.puremagic.com/issues/show_bug.cgi?id=989 ------- Comment #1 from fvbommel wxs.nl 2007-02-21 03:44 ------- A bit more information would probably be helpful... --
Feb 21 2007
http://d.puremagic.com/issues/show_bug.cgi?id=989 ------- Comment #2 from maxter i.com.ua 2007-02-21 04:02 ------- Sorry, I just pushed the wrong button. The issue is that import() allows to escape to -Jpath's parent directories if "../" is used in import file name. But please don't disallow relative paths to subdirectories of -Jpath. --
Feb 21 2007
http://d.puremagic.com/issues/show_bug.cgi?id=989
bugzilla digitalmars.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Comment #3 from bugzilla digitalmars.com 2007-03-19 18:51 -------
This is disallowed in 1.009.
--
Mar 19 2007