- Path: sparky!uunet!spool.mu.edu!agate!zonker.cs.berkeley.edu!dwallach
- From: dwallach@zonker.cs.berkeley.edu (Dan Wallach)
- Newsgroups: comp.lang.tcl
- Subject: Re: Tcl as a safe multimedia mail language (was Re: Insecurity of tk)
- Date: 29 Dec 1992 22:01:27 GMT
- Organization: University of California, Berkeley
- Lines: 25
- Message-ID: <1hqhrnINNdgb@agate.berkeley.edu>
- References: <1992Dec28.004651.24596@walter.bellcore.com>
- NNTP-Posting-Host: zonker.cs.berkeley.edu
-
- In article <1992Dec28.004651.24596@walter.bellcore.com> Nathaniel Borenstein <nsb@thumper.bellcore.com> writes:
- >True, but dangerous. Before I would depend on this approach in a
- >production implementation, I would want to have a Tcl command that gave
- >me the names of all currently-defined Tcl commands. I could then use an
- >"OK" list instead of a "DANGEROUS" list, which sounds like a much safer
- >approach.
-
- This really isn't a problem. "info commands" will list everything
- in your interpreter. It's trivial to hack up your main procedure
- to source a "safety" script before accepting any user input. If
- you're feeling really paranoid, just use Tcl_DeleteCommand() on
- all the dangerous things (e.g. exec).
-
- Since *everything* is a command, you could potentially remove *everything*
- except for your own custom procedures. No 'if', no 'while', no 'exit'.
- All you have to do is modify your main procedure. Of course, some
- commands can be bad to nuke (try redefining 'info' and see how much
- breaks! Fun for the whole family!), but if all you have are your
- own custom procs, you're fine.
-
-
- --
- Dan Wallach "One of the most attractive features of a Connection
- dwallach@cs.berkeley.edu Machine is the array of blinking lights on the faces
- Office#: 510-642-9585 of its cabinet." -- CM Paris Ref. Manual, v6.0, p48.
-
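The "OK list" approach discussed in this exchange, written as a safety script. This is an added example, not code from either poster. The file name `safety.tcl`, the proc name `lockdown` and the contents of the OK list are assumptions for illustration, and it assumes a plain tclsh whose commands all live in the global namespace, as in the Tcl of this thread.

```tcl
# safety.tcl (hypothetical name): source this from the main procedure
# before any untrusted input is evaluated.

# Commands the untrusted script may use. Constructed for illustration;
# a real list would hold only the application's own vetted commands.
set ok_list {set expr if while for foreach proc return list lindex llength string puts}

proc lockdown {ok} {
    # Phase 1: decide what to delete while every command still exists.
    set doomed {}
    foreach cmd [info commands] {
        # Keep anything on the OK list.
        if {[lsearch -exact $ok $cmd] >= 0} continue
        # The tools of phase 2 are queued separately so they go last.
        if {[lsearch -exact {lockdown rename} $cmd] >= 0} continue
        lappend doomed $cmd
    }
    # rename is always removed, even if listed as OK, because it would
    # let a script replace an allowed command with its own.
    lappend doomed lockdown rename

    # Phase 2: the loop body calls nothing but rename, so it keeps
    # working after if, lsearch, info and the rest have been deleted.
    foreach cmd $doomed {
        rename $cmd {}
    }
}

lockdown $ok_list

# From here on only the OK list can be called; exec, open, source,
# info and every other command not listed have been deleted.
```

Later Tcl releases added namespaces, and `info commands` as used here lists only what is visible from the global one, so on a modern interpreter the built-in safe interpreter (`interp create -safe`) is the supported form of this idea.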