----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 08, 2000 11:01 PM
Subject: [REBOL] Dangerous (use of) Secure


> Hi Rebols,
>
> as I understand it, the main point of Secure is its ability to
> restrict the rights of an untrusted script (eg. %untrusted.r),
> when the user is not sure, if he/she can run it without eg.
> damaging his/her files on the harddisk.
>
> Here is an example of a naive use of Secure:
>
> ; create a sandbox directory, if it doesn't exist already
> sandbox: %./sandbox/
> if not exists? sandbox [
>     make-dir sandbox
> ]
> ; give the untrusted script file rights in the sandbox and no file
> ; rights elsewhere
> orig-rights: do compose/deep [
>     secure [
>         net allow
>         file throw
>         %. [allow read allow execute]
>         (sandbox) allow
>     ]
> ]
> change-dir sandbox
> do %../untrusted.r
> print "Untrusted script done."
> change-dir %../
> ; restore the original rights - potentially dangerous operation -
> ; see below
> do reduce ['secure :orig-rights]
>
> Although the above looks all right, if the untrusted script looks
> like:
>
> Rebol [
>     File: %untrusted.r
> ]
> love-you: func [
>     'level [word! block!]
> ] [
>     love-you allow
>     print "I love you!"
> ]
> set [love-you secure] reduce [:secure :love-you]
>
> the user's files may get damaged, which implies that restoring
> the security level after executing an untrusted script is
> dangerous!
>
> What do you think?
>
>     Ladislav
>
Hi Ladislav,

Good find. I would have thought that 'secure would be a word that is
protected from such redefinition.
Redefining it seems like a very obvious hack and not one I'd expect to be
available.

I hope you're sending it to feedback.

Cheers,

Allen K
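The restore step from Ladislav's host script, written so that it refuses to call a redefined SECURE. This is an added example, not code from either message; it assumes REBOL 2 semantics for PROTECT (a later SET of the protected word raises an error), SAME?, NATIVE?, TRY and DISARM, and that SECURE returns the previous settings, as it does in Ladislav's script.

```rebol
REBOL [
    Title: "Host script that checks SECURE before restoring rights"
]

; Keep a private reference to the real SECURE native *before* anything
; untrusted runs. Rebinding the global word SECURE later does not alter
; the value stored here.
real-secure: :secure

; Forbid later assignment to these two global words. PROTECT makes any
; SET of the word raise an error (assumed REBOL 2 behaviour).
protect 'secure
protect 'real-secure

sandbox: %./sandbox/
if not exists? sandbox [make-dir sandbox]

; Same restriction as in the original post; SECURE returns the previous
; settings, which are kept for the restore.
orig-rights: do compose/deep [
    real-secure [
        net allow
        file throw
        %. [allow read allow execute]
        (sandbox) allow
    ]
]

change-dir sandbox
; TRY keeps an error inside the untrusted script (eg. an attempt to
; SET a protected word) from aborting the host before the check below.
result: try [do %../untrusted.r]
if error? result [
    print ["Untrusted script raised an error:" mold disarm result]
]
change-dir %../

; Restore only if SECURE is still the very native saved above. The check
; uses identity (SAME?) and type (NATIVE?), never the global word alone.
either all [same? :secure :real-secure native? :real-secure] [
    real-secure orig-rights
    print "Original rights restored."
] [
    print "SECURE was redefined while the untrusted script ran; not restoring."
]
```

A script running in the same global context can still call UNPROTECT and rebind both words, so this catches the redefinition shown in the post rather than replacing the interpreter-level protection of SECURE that Allen asks for.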