[Xotcl] Re: Safe interp for xotcl
Jeff Hobbs
jeffh at ActiveState.com
Mon Apr 4 19:13:41 CEST 2005

Gustaf Neumann wrote:
> Since xotcl uses ordinary tcl interps, I would assume it
> inherits the safety of safe tcl interps. Since xotcl does
> not do any socket handling, file-i/o, exec's, etc., I would
> think this is a good start. If you see commands that we
> should deactivate in safe interps, please let me know.

You have to be careful with anything you add at the C level for
safe interps. Whatever you create in Tcl in safe interps is by
definition safe (if you aren't aliasing into the master), because
of the model. However, in C you can expose anything. While you
might not directly expose exec, IO, etc., you have to consider
how you might indirectly expose that functionality and how a user
might exploit that. I'm not saying that xotcl does, but you
should just consider the implications of each C-based command
individually. You also have the Tcl_IsSafeInterp C API for
variant behavior in safe interps.

Jeff Hobbs, The Tcl Guy
http://www.ActiveState.com/, a division of Sophos
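
An added example (not part of the original message, and not XOTcl project code): a master-side Tcl script that lists what a safe interp can reach, so that each command a C extension registers can be reviewed individually, along with any aliases into the master. The proc name `visible_commands`, the variable names, and the optional library path and prefix arguments are assumptions; it needs Tcl 8.5 or later.

```tcl
# Audit the command surface of a safe interp (run from the trusted master).
# Usage: tclsh audit.tcl ?/path/to/extension-library Prefix?

# Return every command visible inside $interp, walking all namespaces.
# apply keeps the walker's variables out of the sandbox's global scope.
proc visible_commands {interp} {
    interp eval $interp {
        apply {{} {
            set out {}
            set todo [list ::]
            while {[llength $todo]} {
                set ns [lindex $todo 0]
                set todo [lrange $todo 1 end]
                foreach c [info commands [string trimright $ns :]::*] {
                    lappend out $c
                }
                foreach child [namespace children $ns] {
                    lappend todo $child
                }
            }
            lsort -unique $out
        }}
    }
}

set sandbox [interp create -safe]
set before  [visible_commands $sandbox]

if {[llength $argv] == 2} {
    lassign $argv lib prefix
    # For a safe target, load calls <Prefix>_SafeInit instead of
    # <Prefix>_Init, so the extension decides in C what it registers here.
    load $lib $prefix $sandbox
}

# Commands that appeared after loading: the list to review one by one.
set added {}
foreach c [visible_commands $sandbox] {
    if {$c ni $before} { lappend added $c }
}

puts "safe interp:        [interp issafe $sandbox]"
puts "hidden commands:    [lsort [interp hidden $sandbox]]"
puts "added by extension: $added"
puts "aliases leaving the sandbox:"
foreach a [interp aliases $sandbox] {
    # Each alias target runs outside the safe interp's restrictions.
    puts "  $a -> [interp alias $sandbox $a]"
}
```

Run without arguments, it prints the baseline of a fresh safe interp; with a library path and prefix, the "added by extension" line is the set of C-level commands whose indirect effects need to be considered.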