Re: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
the interpreter is made "safe" is to take a fully working tcl interpreter (with full priveleges) at run time, and use TclDeleteCommand() to remove offending commands. Safe-TCL is not emasculated at compile time, but at run time.
I have been told by folks at Sun that they are planning on doing it at compile-time as well as at run-time. One of the concerns I conveyed was that I want to make it easy to "pull out" the safe code and give it a security audit. /r$
the interpreter is made "safe" is to take a fully working tcl interpreter (with full priveleges) at run time, and use TclDeleteCommand() to remove offending commands. Safe-TCL is not emasculated at compile time, but at run time.
I have been told by folks at Sun that they are planning on doing it at compile-time as well as at run-time. One of the concerns I conveyed was that I want to make it easy to "pull out" the safe code and give it a security audit.
SafeTcl or Java? I wish SafeTcl was isolated into a separate library with compiled-in safety so I could embed it into my applications. As it is now, I have to just use normal Tcl and hack in the MakeInterpreterSafe() function which removes dangerous commands. -Ray
From: Ray Cromwell <rjc@clark.net> Date: Fri, 4 Aug 1995 17:52:24 -0400 (EDT) SafeTcl or Java? I wish SafeTcl was isolated into a separate library with compiled-in safety so I could embed it into my applications. As it is now, I have to just use normal Tcl and hack in the MakeInterpreterSafe() function which removes dangerous commands. -Ray You mean the "dangerous" commands can't just be left out of the proper place in the makefile or something? Phil
participants (3)
-
Phil Fraering -
Ray Cromwell -
Rich Salz