> On 2002.11.28, Jeff Hobbs <[EMAIL PROTECTED]> wrote:
> > > how can "unsafe" tcl commands be removed or disabled? I think this
> > > would be done before compiling Tcl, so that they are disabled at
> > > that level... Reason is to protect (better) against someone that is
> > > able to infiltrate code fragments to the running webserver.
> >
> > Just do 'rename unsafeCmd {}'.  There is no need to do it at the C
> > level.
>
> Is there a standard package that one could require that does this, so
> that people don't have to independently go and discover which are and
> aren't safe?  Perhaps with a way to specify the level of safety you want
> to enforce ...

Well, the answer is yes, but the subtleties are infinite.  The best
way is to just create a safe interpreter:
        interp create -safe myInterp
and that will create a locked down interp, if you really want to eval
completely untrusted code.  However, most people want to restrict just
some stuff, and allow others.  You can either start with a regular or
safe interp, and hide or expose commands as you wish.

Brent Welch's book goes into this, and it is fairly well explained in
the Tcl docs.

  Jeff Hobbs                     The Tcl Guy
  Senior Developer               http://www.ActiveState.com/
      Tcl Support and Productivity Solutions
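Added example (not from the original mail): a parent script that creates a safe interp as described above, hides and exposes individual commands, and gives untrusted code a policy-checked alias instead of the real `open`. The `sandbox`/`trusted` interp names, the `readfile` alias, `restrictedRead` and the `/tmp/sandbox-data` directory are assumptions for illustration.

```tcl
# A -safe interp already hides cd, exec, file, glob, open, socket, source, ...
interp create -safe sandbox

# Starting from a regular interp instead, hide only what you want gone.
interp create trusted
interp hide trusted exec
interp hide trusted socket

# Expose a hidden command back into the safe interp (low-risk one here).
interp expose sandbox pwd

# Safer than exposing 'open': an alias to a parent-side proc that enforces
# a policy (read-only, confined to one directory; path is an assumption).
set allowedDir [file normalize /tmp/sandbox-data]
proc restrictedRead {name} {
    global allowedDir
    # file normalize collapses "..", so traversal is checked on the result
    set path [file normalize [file join $allowedDir $name]]
    set prefix "$allowedDir/"
    if {[string first $prefix $path] != 0} {
        error "access denied: $name"
    }
    set fh [open $path r]
    set data [read $fh]
    close $fh
    return $data
}
# Alias: 'readfile' in sandbox runs restrictedRead in the parent interp.
interp alias sandbox readfile {} restrictedRead

# Bound the work untrusted code may do (Tcl 8.5+).
interp limit sandbox command -value 100000

# Untrusted code cannot reach the filesystem directly ...
puts [sandbox eval {catch {open /etc/passwd r} msg; set msg}]
# ... and the alias rejects escapes from the allowed directory.
puts [sandbox eval {catch {readfile ../../etc/passwd} msg; set msg}]
# Ordinary computation still works inside the sandbox.
puts [sandbox eval {set x 0; while {$x < 10} {incr x}; set x}]
```

The first two `puts` report "invalid command name" and "access denied" errors respectively; `interp hidden sandbox` lists what remains hidden.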
