On Wed, Feb 17, 2010 at 11:29 AM, NotFound <[email protected]> wrote: >> As a middle-ground first step, howabout we break the non-necessary NCI >> signatures into a dynlib in the repo. That way we still have them in >> the repo if needed in the interim, we have a way to run tests on the >> mechanism locally, and we prepare for the larger refactors that Peter >> is suggesting. > > I like that idea. Even better, make it pluggable and selectable at > runtime. This way will also allow to easily control or disable his > usage in security arenas.
Runtime filtering of available signatures should already be doable: # warning: untested .include 'iglobals.pasm' .sub 'filter_out' .param string signature $P0 = getinterp $P1 = $P0[ .IGLOBALS_NCI_FUNCS ] delete $P1[ signature ] .end Of course, filtering based on signature seems a little coarse to me. The only really secure solution I can see is to load all permissible NCI funcs and then completely disallow NCI. But I am not a security expert. _______________________________________________ http://lists.parrot.org/mailman/listinfo/parrot-dev
