← Back to index | Original Bugzilla link

Bug 989 – Security hole

Status: RESOLVED
Resolution: FIXED
Severity: normal
Priority: P2
Component: dmd
Product: D
Version: D1 (retired)
Platform: x86
OS: Windows
Creation time: 2007-02-21T03:30:00Z
Last change time: 2014-02-16T15:24:09Z
Assigned to: bugzilla
Creator: samukha

Comments

Comment #0 by samukha — 2007-02-21T03:30:39Z

Comment #1 by fvbommel — 2007-02-21T03:44:16Z

A bit more information would probably be helpful...

Comment #2 by samukha — 2007-02-21T04:02:45Z

Sorry, I just pushed the wrong button. The issue is that import() allows to escape to -Jpath's parent directories if "../" is used in import file name. But please don't disallow relative paths to subdirectories of -Jpath.

Comment #3 by bugzilla — 2007-03-19T18:51:30Z

This is disallowed in 1.009.