On 15.11.2025 14:28, Rick McGuire wrote:
I should point out that having a builtin function that allows setting the security manager is
itself a security problem.
:)
It seems that there is now a new possibility in setting an interpreter instance to a security
manager, which does not exist yet, using Jean Louis' code. To cater for the security consideration
one could add a checkpoint for that particular builtin function, as has been already done for the
charin/charout/chars/linein/lineout/lines/stream builtin functions. Alternatively, one could
define a protected method to allow for setting/removing a security manager for an interpreter instance.
This would allow to create an interpreter instance, set a security manager and then execute any
potentially dangerous Rexx programs (e.g. from the Internet) on that instance. (BSF4ooRexx allows
for creating any number of Rexx interpreter instances such that one could even pick different
security managers for different instances and dispatch Rexx programs via them.) For this it would be
important that the local, environment and requires checkpoints get invoked.
---
However, it would still be interesting for certain use cases to be able to individually set a
security manager to a routine or method object to supervise its execution (and only these particular
routine or method objects). For this the requires checkpoint needs to get invoked. (Just think of a
no-way security manager, which probably cannot be used at the instance level as quite quickly the
program gets stopped with a security syntax condition, but might make sense in individual cases.)
@Rick: Jean Louis inferred from his analysis that with ooRexx 4.2 the requires checkpoint gets
invoked; it invokes PackageManager::loadRequires when the routine object gets called, whereas ooRexx
5.x invokes PackageManager::loadRequires during the creation of the routine object already. Do you
think it to be possible in ooRexx 5.x to also invoke PackageManager::loadRequires at the call stage
like in the ooRexx 4.2 case and thereby causing the requires checkpoint to get invoked?
---rony
On Sat, Nov 15, 2025 at 7:55 AM Josep Maria Blasco
<[email protected]> wrote:
Message from Jean Louis Faucher <[email protected]> on Fri, 14 Nov 2025 at 15:07:
It's possible to receive the REQUIRES message by setting a security manager on the
interpreter instance.
BUILTIN(SETSECURITYMANAGER)
If this carries over to all calls and ::Requires, recursively, this would be wonderful.
Having to reinstall the security manager after every call is a real nuisance.
I noticed that when used alone (i.e. no security manager on routine), the LOCAL and
ENVIRONMENT checkpoints are missing.
It's probably because there is no fallback to the default (i.e. interpreter's) security
manager.
Same remark for NativeCode.
Maybe these fallbacks could be added? Then we would have a quite complete
implementation of sandboxes, with a single call to the new BIF.
Josep Maria