guile-devel

Re: extensibility, compatible changes, and ocap security


From: Ludovic Courtès
Subject: Re: extensibility, compatible changes, and ocap security
Date: Wed, 14 Dec 2011 15:41:02 +0100
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.90 (gnu/linux)

Hello!

Andy Wingo <address@hidden> wrote:

> However, this effectively gives another /capability/ to anyone that has
> access to the previously idempotent `current-input-port' procedure:
> namely, the ability to change the current input port.  The question is,
> can we make this change in the default Guile?

There were 2 potential issues with making ‘current-input-port’ &
co. parameters:

  1. One could have provided a non-input-port object, which would have
     led to a segfault somewhere.  Fortunately, the SRFI-39 parameter
     setters now in boot-9 type-check ‘current-input-port’ & co.

  2. Adding the ability to modify the input port through the parameter.
     In actuality, this is not an addition, since
     ‘set-current-input-port!’ & co. have always been visible in the
     default environment anyway.

IOW, I think making ‘current-input-port’ & co. SRFI-39 parameters was
harmless.

(On a more philosophical note, dynamically-bound capabilities like these
are Considered Harmful™ as mentioned in Section 3.4 of Rees’ “A Security
Kernel Based on the Lambda Calculus”.  ;-))

Thanks,
Ludo’.
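
Added example, not part of the original message and not Guile's own code: a Guile Scheme sketch of the two points discussed above, using a stand-in parameter rather than ‘current-input-port’ itself. The names ensure-input-port, source-port and read-only-view are hypothetical, and the sample strings are constructed.

```scheme
;; Added example; names here are hypothetical, not taken from boot-9.
(use-modules (srfi srfi-39))   ; make-parameter / parameterize

;; Converter: Guile applies it to the initial value, to every value set
;; by calling the parameter with one argument, and in parameterize.
(define (ensure-input-port obj)
  (if (input-port? obj)
      obj
      (error "not an input port:" obj)))

;; Stand-in for `current-input-port' (constructed sample data).
(define source-port
  (make-parameter (open-input-string "constructed default")
                  ensure-input-port))

;; Point 1: a non-port value is rejected when it is set, so it never
;; reaches port-handling code further down.
(define rejected?
  (catch #t
    (lambda () (source-port 42) #f)
    (lambda (key . args) #t)))

;; Point 2: whoever holds the parameter object can rebind it.
(define replacement (open-input-string "constructed replacement"))
(source-port replacement)

;; Granting read access only: hand out a thunk that closes over the
;; parameter.  The holder can look up the current port but has no
;; reference through which to change it.
(define (read-only-view param)
  (lambda () (param)))

(define view (read-only-view source-port))

;; Dynamic rebinding still goes through the converter and is undone
;; when the extent exits.
(define inner
  (parameterize ((source-port (open-input-string "constructed inner")))
    (view)))

(display (list rejected?
               (eq? (view) replacement)
               (eq? inner replacement)))
(newline)
```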