[REBOL] Dangerous (use of) Secure Re:(11)

lmecir Tue, 13 Jun 2000 19:00:42 -0700

Hi Jeff,

>
>        What happens if someone does something like this in
>        your secure-do, though?:
>
>        secure-do [
>            security: [file allow] get: func [/any][
>                do %bad-stuff.r
>            ]
>        ] 'throw [] []
>
>        -jeff
>

if I understood you correctly, you are asking what happens, if the
untrusted script were:

untrusted: [
    security: [file allow]
    get: func [/any][
        do %bad-stuff.r
    ]
 ]

let's try it with a more comfortable/debugged secure-do (sent to
[EMAIL PROTECTED]):

>> result: secure-do untrusted 'throw
>> probe :get
native
>> secure throw
== [net allow file [allow read ask write ask execute]]
>> probe get in result 'result
func [/any][
    do %bad-stuff.r
]
>> probe result/changed
[get security]
== [get security]
>>

That is all

    Ladislav

[REBOL] Dangerous (use of) Secure Re:(11)

Reply via email to