Date: Tue, 12 Mar 2024 15:53:13 +0200
If a malicious actor got inside my company and can freely access IDEs and my build system, any hypothetical security considerations are moot.
Code can be validated cryptographically, along with the entire build system. Security-aware people have been coming up with design patterns and tools for this.
If this is a security risk, which it is, I’m not denying, then maybe the ISO board should wake up and realize it’s 2024 and some security considerations for the language are long overdue. I mean Java baked this into the language a gazillion years ago.
Just saying that it’s bad and it should not be used is not very useful.
On Tue, Mar 12, 2024, at 15:41, Tiago Freire wrote:
> A big no!
> Considering that most IDEs do static evaluation while you code, it
> would mean a malicious actor would be able to access stuff they were
> not supposed to just by someone else reading code.
> Imagine someone injecting malicious code in the source code, imagine
> someone reading source code to check if it is malicious and getting
> screwed just by reading source code.
> This is a level of scary I really don't want to touch.
>
> Your compiler isn't a build system. If that is what you are going for
> you are already doing it wrong.
>
>
>
> -----Original Message-----
> From: Std-Proposals <std-proposals-bounces_at_[hidden]> On Behalf
> Of Andrei Grosu via Std-Proposals
> Sent: Tuesday, March 12, 2024 12:31 PM
> To: std-proposals_at_[hidden]
> Cc: Andrei Grosu <andrei_dg_at_[hidden]>
> Subject: [std-proposals] constexpr support in std::filesystem API
>
> The proposal is simple: constexpr support for the filesystem API.
>
> The need comes from writing a build system in (modern) C++.
> If there is support for compile-time access to the filesystem, it
> would be, in my opinion, the key missing piece for a build system
> implemented in modern C++.
> Without that you would have to depend on code generation, but with it,
> there is not much missing to build a fully featured build system in
> C++ itself.
>
> Is this a question of compiler complexity, to enable constexpr
> filesystem access? It is not clear to me if there are other factors at
> play.
>
> Can anyone ‘in the know’ share some insights why it might or might not
> be feasible?
> --
> Std-Proposals mailing list
> Std-Proposals_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
Received on 2024-03-12 13:53:33