| Thread overview | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
October 19, 2009 [Issue 3420] New: Impossible to specify -J path for subdirectories | ||||
|---|---|---|---|---|
| ||||
 | http://d.puremagic.com/issues/show_bug.cgi?id=3420 Summary: Impossible to specify -J path for subdirectories Product: D Version: 1.042 Platform: All OS/Version: Windows Status: NEW Severity: regression Priority: P2 Component: DMD AssignedTo: nobody@puremagic.com ReportedBy: thecybershadow@gmail.com --- Comment #0 from Vladimir <thecybershadow@gmail.com> 2009-10-19 07:55:10 PDT --- const data = import("dir/data.txt"); Specifying -J. for DMD 1.041 is sufficient to allow this to compile. I couldn't find an option for DMD 1.042 and newer which would allow this to compile. -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- | |||
Permalink
ReplyNovember 30, 2009 [Issue 3420] Impossible to specify -J path for subdirectories | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Vladimir | http://d.puremagic.com/issues/show_bug.cgi?id=3420 Walter Bright <bugzilla@digitalmars.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |bugzilla@digitalmars.com Resolution| |WONTFIX --- Comment #1 from Walter Bright <bugzilla@digitalmars.com> 2009-11-30 02:36:43 PST --- Paths are not allowed in the string supplied to the import statement. This is for security reasons. To get the example to compile, use: import ("data.txt"); and use the switch: -Jdir This behavior is as intended. -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- | |||
November 30, 2009 [Issue 3420] Impossible to specify -J path for subdirectories | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Vladimir | http://d.puremagic.com/issues/show_bug.cgi?id=3420 Vladimir <thecybershadow@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | --- Comment #2 from Vladimir <thecybershadow@gmail.com> 2009-11-30 02:40:45 PST --- That's fine and dandy, except it doesn't work either: C:\Temp\D\Bug3420> dir Volume in drive C is WS2008X64 Volume Serial Number is 4CC8-8E34 Directory of C:\Temp\D\Bug3420 2009.11.30 12:38 <DIR> . 2009.11.30 12:38 <DIR> .. 2009.11.30 12:38 <DIR> dir 2009.11.30 12:38 38 test.d 1 File(s) 38 bytes 3 Dir(s) 11,197,788,160 bytes free C:\Temp\D\Bug3420> dir dir Volume in drive C is WS2008X64 Volume Serial Number is 4CC8-8E34 Directory of C:\Temp\D\Bug3420\dir 2009.11.30 12:38 <DIR> . 2009.11.30 12:38 <DIR> .. 2009.11.30 12:38 4 data.txt 1 File(s) 4 bytes 2 Dir(s) 11,197,788,160 bytes free C:\Temp\D\Bug3420> cat test.d const data = import("dir/data.txt"); C:\Temp\D\Bug3420> dmd -Jdir test.d test.d(1): Error: use -Jpath switch to provide path for filename dir/data.txt -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- | |||
November 30, 2009 [Issue 3420] Impossible to specify -J path for subdirectories | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Vladimir | http://d.puremagic.com/issues/show_bug.cgi?id=3420 Leandro Lucarella <llucax@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |llucax@gmail.com --- Comment #3 from Leandro Lucarella <llucax@gmail.com> 2009-11-30 13:56:36 PST --- I think you have to do this: const data = import("data.txt"); ^ no "dir/" $ dmd -Jdir test.d -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- | |||
November 30, 2009 [Issue 3420] Impossible to specify -J path for subdirectories | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Vladimir | http://d.puremagic.com/issues/show_bug.cgi?id=3420 --- Comment #4 from Vladimir <thecybershadow@gmail.com> 2009-11-30 14:01:19 PST --- Ah, I see. This should be clarified in the documentation... Also, doesn't anyone think that this could be too constricting? What if you have a directory tree of data to import? Not to mention not being able to import two files with the same filename but from different directories... -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- | |||
November 30, 2009 [Issue 3420] Impossible to specify -J path for subdirectories | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Vladimir | http://d.puremagic.com/issues/show_bug.cgi?id=3420 --- Comment #5 from Leandro Lucarella <llucax@gmail.com> 2009-11-30 14:10:12 PST --- (In reply to comment #4) > Ah, I see. This should be clarified in the documentation... Also, doesn't anyone think that this could be too constricting? I do. Maybe this can be changed to be a feature request. I really can't see how allowing subdirectories can be a security risk, you only have to check that the canonical name of the imported file is still in a subdirectory of an -J'ed directory. In POSIX you can use realpath(3) to get the canonical name of a file, then just check if the imported canonical name starts with any -J directory canonical name. -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- | |||
December 01, 2009 [Issue 3420] Impossible to specify -J path for subdirectories | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Vladimir | http://d.puremagic.com/issues/show_bug.cgi?id=3420 --- Comment #6 from Leandro Lucarella <llucax@gmail.com> 2009-11-30 16:44:19 PST --- Created an attachment (id=520) Proof of concept patch Here it is a proof of concept patch to allow directories in string imports *safely*. The check is done as I said in comment 5: -J paths are converted to canonical names, then the string import path is appended and the resulting path is again converted to a canonical name. Then, the canonical name is checked to be really in the canonical path. This prevents any type of highjacking (even with symlinks). Here is a simple example: import("x/../../y") in combination with -J.. (assuming /tmp/x is the current directory) is checked like this: 1) .. is converted to realpath(..) which yields /tmp 2) the canonical path is combined with the file name: /tmp/x/../../y 3) the new filename is converted to a canonical filename: /y 4) the canonical path and the canonical name are checked: /y doesn't start with /tmp, so the import is rejected. Unfortunately, I'm not a windows developer, and the path is only implemented for POSIX (and only tested in Linux, but if other *nixes don't work it should be fairly simple to fix). Compiling in Windows yields an error for now. If there is no way to implement this on Windows, it's fairly easy to allow this behavior in POSIX and fallback to the old behavior in Windows. Let me know if you want a patch for that. I'll attach a few test cases. -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- | |||
December 01, 2009 [Issue 3420] Impossible to specify -J path for subdirectories | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Vladimir | http://d.puremagic.com/issues/show_bug.cgi?id=3420 Leandro Lucarella <llucax@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch Severity|regression |enhancement -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- | |||
December 01, 2009 [Issue 3420] Impossible to specify -J path for subdirectories | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Vladimir | http://d.puremagic.com/issues/show_bug.cgi?id=3420 --- Comment #7 from Leandro Lucarella <llucax@gmail.com> 2009-11-30 16:51:47 PST --- Created an attachment (id=521) Test cases Here are some test cases, they are packed in a tarball because it includes a directory structure. Tests are in the directory d2, and they should be compiled in that directory. The tests have a small comment indicating what -J should be used to compile (other -J options should fail). You can test them all with this simple bash script (run it in the d2 directory): for f in test{1..7}.d do for j in . .. do echo -n "$f: "; head -n1 $f dmd -J$j $f && ./`basename $f .d` done done You have to go through the results and check them visually, the script can be improve to make the verification automatically. -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- | |||
December 01, 2009 [Issue 3420] Impossible to specify -J path for subdirectories | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Vladimir | http://d.puremagic.com/issues/show_bug.cgi?id=3420 --- Comment #8 from Leandro Lucarella <llucax@gmail.com> 2009-11-30 16:54:59 PST --- BTW, the patch I consider the patch only a proof of concept because it lacks Windows support (and testing on other unixes). Besides that, I think the patch is not bad =) -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- | |||
Copyright © 1999-2021 by the D Language Foundation