Re: [racket-dev] [plt] Push #27106: master branch updated
On Sun, Jul 7, 2013 at 1:26 PM, mfl...@racket-lang.org wrote: | Finally, `racket/base' provides the new function | `call-with-default-reading-parameterization', which is used to guard | various file `read's to make them consistent and avoid security holes. It looks like `call-with-default-reading-parameterization` allows reading compiled code. This seems potentially worrying in the contexts where we're reading various package-related files. Sam _ Racket Developers list: http://lists.racket-lang.org/dev
Re: [racket-dev] [plt] Push #27106: master branch updated
At Sun, 7 Jul 2013 13:42:22 -0400, Sam Tobin-Hochstadt wrote: On Sun, Jul 7, 2013 at 1:26 PM, mfl...@racket-lang.org wrote: | Finally, `racket/base' provides the new function | `call-with-default-reading-parameterization', which is used to guard | various file `read's to make them consistent and avoid security holes. It looks like `call-with-default-reading-parameterization` allows reading compiled code. This seems potentially worrying in the contexts where we're reading various package-related files. Yes, that was supposed to be off. I'll fix it. _ Racket Developers list: http://lists.racket-lang.org/dev