[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)

To: [email protected] (Rich Salz)
Subject: Re: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
From: Ray Cromwell <[email protected]>
Date: Fri, 4 Aug 1995 17:52:24 -0400 (EDT)
Cc: [email protected], [email protected], [email protected], [email protected]
In-Reply-To: <[email protected]> from "Rich Salz" at Aug 4, 95 05:12:53 pm
Sender: [email protected]

> 
> >the interpreter is made "safe" is to take a fully working tcl interpreter
> >(with full priveleges) at run time, and use TclDeleteCommand() to remove
> >offending commands. Safe-TCL is not emasculated at compile time, but at
> >run time.
> 
> I have been told by folks at Sun that they are planning on doing it at
> compile-time as well as at run-time.  One of the concerns I conveyed
> was that I want to make it easy to "pull out" the safe code and give
> it a security audit.

  SafeTcl or Java? I wish SafeTcl was isolated into a separate library
with compiled-in safety so I could embed it into my applications. As it is
now, I have to just use normal Tcl and hack in the MakeInterpreterSafe()
function which removes dangerous commands.

-Ray

Follow-Ups:
- Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
  - From: Phil Fraering <[email protected]>

References:
- Re: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
  - From: Rich Salz <[email protected]>

Prev by Date: Re: IPng6, SWIPE, ssh, etc.
Next by Date: Re: IPng6, SWIPE, ssh, etc.
Prev by thread: Re: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
Next by thread: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
Index(es):
- Date
- Thread