Re: extensibility, compatible changes, and ocap security
From: Ludovic Courtès
Subject: Re: extensibility, compatible changes, and ocap security
Date: Wed, 14 Dec 2011 15:41:02 +0100
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.90 (gnu/linux)
Hello!
Andy Wingo <address@hidden> skribis:
> However, this effectively gives another /capability/ to anyone that has
> access to the previously idempotent `current-input-port' procedure:
> namely, the ability to change the current input port. The question is,
> can we make this change in the default Guile?
There were 2 potential issues with making ‘current-input-port’ &
co. parameters:

  1. One could have provided a non-input-port object, which would have
     led to a segfault somewhere. Fortunately, the SRFI-39 parameter
     setters now in boot-9 type-check ‘current-input-port’ & co.

  2. Adding the ability to modify the input port through the parameter.
     In actuality, this is not an addition, since
     ‘set-current-input-port!’ & co. have always been visible in the
     default environment anyway.

IOW, I think making ‘current-input-port’ & co. SRFI-39 parameters was
harmless.
(On a more philosophical note, dynamically-bound capabilities like these
are Considered Harmful™ as mentioned in Section 3.4 of Rees’ “A Security
Kernel Based on the Lambda Calculus”. ;-))
Thanks,
Ludo’.
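
An illustration of point 1 in the message above, added here and not part of the original message or of Guile's boot-9 code: a SRFI-39 parameter whose converter type-checks every value bound to it, so a non-port is rejected at binding time instead of reaching a reader. The names `guarded-port` and `try` are hypothetical.

```scheme
;; Added example for Guile; `guarded-port' and `try' are hypothetical names.

(define guarded-port
  ;; The SRFI-39 converter runs on the initial value and on every
  ;; rebinding, so nothing but an input port can ever be stored.
  (make-parameter (current-input-port)
                  (lambda (x)
                    (if (input-port? x)
                        x
                        (error "not an input port:" x)))))

(define (try thunk)
  ;; Return the thunk's value, or the symbol `rejected' if it throws.
  (catch #t thunk (lambda (key . args) 'rejected)))

;; A valid port is accepted.  Any code holding `guarded-port' can rebind
;; it for the dynamic extent of the body: this is the capability that
;; comes with handing out the parameter object itself.
(display
 (try (lambda ()
        (parameterize ((guarded-port (open-input-string "x")))
          (read-char (guarded-port))))))
(newline)

;; A non-port is stopped by the converter before any reader sees it.
(display
 (try (lambda ()
        (parameterize ((guarded-port 42))
          (read-char (guarded-port))))))
(newline)
```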