Anton:
> That would stop any mail sending.
That solves one problem, but requires third-party software to keep REBOL safe.
And, as Gregg says:
> The allure of configurable apps, with REBOL as a macro language, is
> powerful; but danger doesn't lurk there, it's in plain sight.
How could we safely run *any* REBOL script as a macro language without it
doing damage?
I don't think there is a simply answer to that, and any answer will need RT's
involvement. But here is one possibility
RT create (yet another) REBOL executable called (say) REBOL/Macro.
That contains generally thought of as "safe" code -- say the ability to do
arithmetic, create series, and so on.
But it does not contain native code to do anything "unsafe" -- like send or
read or write and much else.
Instead, those functions are passed back to the invoking program for checking
and actioning.
>From the viewpoint of the calling program, it might look something like this:
untrusted-code: read %untrusted-code.r
do-unsafe/time-quota untrusted-code
[send: true ;; allows send without any checking
read: func [] [] ;; function to handle read on behalf of
untrusted code
]
0:0:02 ;; time quota 2 seconds
Any unsafe function not set to true or given a handler will not be permitted
do-unsafe loads the REBOL-macro interpreter, so the untrusted code has no
access to any mezzanines or the system object of the caller.
The untrusted code is halted (or there may be a call back for confirmation)
after 2 seconds elapse time.
***
REBOL as its own macro language is a flexible and powerful opportunity to do
some real X-internet applications.....It just needs to be made safe, as Gregg
says.
Sunanda.
--
To unsubscribe from the list, just send an email to
lists at rebol.com with unsubscribe as the subject.
