On 14.11.2025 15:06, Jean Louis Faucher wrote:
On 13 Nov 2025, at 16:06, Rony G. Flatscher <[email protected]> wrote:
Unlike all other security manager methods, the security manager method "REQUIRES" never gets
triggered!
Is there a solution to this problem, and if so, what would it be?
It's possible to receive the REQUIRES message by setting a security manager on the interpreter
instance.
😮
BUILTIN(SETSECURITYMANAGER)
{
  const size_t SETSECURITYMANAGER_Min = 0;
  const size_t SETSECURITYMANAGER_Max = 1;
  const size_t SETSECURITYMANAGER_manager = 1;
  check_args(SETSECURITYMANAGER);
  RexxObject *manager = optional_argument(SETSECURITYMANAGER, manager);
  Activity * activity = context->getActivity();
  if (activity == OREF_NULL) return TheFalseObject;
  InterpreterInstance *interpreter = activity->getInstance();
  if (interpreter == OREF_NULL) return TheFalseObject;
interpreter->setSecurityManager(manager); // OREF_NULL is supported (when no
argument given)
  return TheTrueObject;
}
Test:
call setSecurityManager .monitoringSupervisor~new
routine=.Routine~newFile(program) Â -- create routine object
I noticed that when used alone (i.e. no security manager on routine, the LOCAL and ENVIRONMENT
checkpoints are missing.
It's probably because there is no fallback to the default (i.e. interpreter's)
security manager.
Same remark for NativeCode.
When setting also the security manager on the routine, then the output is
complete.
setSecurityManager on interpreter instance
checkpoint "REQUIRES" .. NAME='JSON.CLS'
checkpoint "REQUIRES" ..
NAME='/Users/Shared/local/rexx/oorexx/scripts/SecurityManager/Rony1/JSON.CLS'
load json.cls
setSecurityManager on routine
calling routine
checkpoint "COMMAND" ... ADDRESS='sh', COMMAND='echo Hello There'
result: 0
checkpoint "CALL" ...... ARGUMENTS='0.5', NAME='SYSSLEEP'
checkpoint "STREAM" ....
NAME='/Users/Shared/local/rexx/oorexx/scripts/SecurityManager/Rony1/profile'
checkpoint "LOCAL" ..... NAME='ERROR'
The ERROR monitor
checkpoint "LOCAL" ..... NAME='METHODS'
checkpoint "ENVIRONMENT" NAME='METHODS'
.METHODS
a TEST: hello!
checkpoint "METHOD" .... ARGUMENTS='', NAME='MYPROTECTEDMETHOD', OBJECT='a TEST'
WOW!
Just to see whether I understood what this means:
* If one implements the above BIF and sets a security manager for an
interpreter instance, then
all code executed by that instance will be supervised with that security
manager? Would this
also include any called (not required) program?
* If one sets the security manager to the interpreter it may be the case that
the LOCAL,
ENVIRONMENT and REQUIRES checkpoints do not get called. However, if one sets
a security manager
to the routine object (result of .routine~newFile(...)), then these
checkpoints get called by
sending the appropriate messages to the security manager?
* So to get a fully functional security manager one needs to do two things, a)
set the interpreter
instance to a security manager, and b) set the routine object to a security
manager?
* It will be possible to remove the security manager from the instance by
invoking the BIF without
an argument? If one does this, then the requires, local and environment
checkpoints do not get
sent anymore?
Remember, a ticket was already opened by JMB:
https://sourceforge.net/p/oorexx/bugs/1886
Thank you for pointing that out!
Best regards
---rony
_______________________________________________
Oorexx-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/oorexx-devel
