Wojciech Kocjan <[EMAIL PROTECTED]> writes:
[ I'm back from the PLUTO meeting. It was fun, and I gave a talk on
mod_dtcl in Italian :-) ]
> On 8 Dec 2000, David N. Welton wrote:
> > 3) Investigate safe interpreters.
> I could send you my tcl code to provide safe interpreting of
> articles. It uses subst, replaces <+ +> to [] and (which actually
> works a bit different than should, but ... works :). It uses safe
> interpreters, then removes almost every command (except I suppose 3
> commands) and adds only ones defined in ::eval namespace of the
> originating interpreter.
> What wonders me more is availibility to hack through safe interpreter.
> Let's say my interp only allows me to use my proc:
> proc cmd_test {args} {
> hputs [join $args "<BR>\n"]
> }
> What are the chances of someone executing something else than cmd_test in
> the safe interpreter... (mostly exec command)
Why don't you post the code to the list, and we can have a go at
'cracking' it. If it's alright with you, I can include it in
contrib/, too.
Ciao,
--
David N. Welton
Personal: http://www.efn.org/~davidw/
Free Software: http://people.debian.org/~davidw/
Apache Tcl: http://tcl.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
