Tcl Source Code

Logging this as per Andreas Kupries' direction on c.l.t.
Tried on XP, using Active Tcl 8.6b1.1
-------
I've run into an issue with loading Tcl modules into interpreters
created with ::safe::interpCreate. I'm not sure whether this is by
design or a bug. The following piece of code executes without errors

set ip [::safe::interpCreate]
$ip eval {package require uri}

(uri is a package in tcllib, as is uri::urn)

The following errors out
$ip eval {package require uri::urn}

The uri package is loaded from C:/Tcl/lib/teapot/package/tcl/teapot/
tcl8/8.2/uri-1.2.1.tm whereas
the uri::urn package is loaded from C:/Tcl/lib/teapot/package/tcl/
teapot/tcl8/8.4/uri/urn-1.0.2.tm
The issue is that the Tcl module loading system maps a package name
containing :: to subdirectories and while the safe interpreter's -
accessPath contains the .....tcl8/8.2 directory, it does not contain
the subdirectory (uri). Consequently, any Tcl modules with :: in the
package name fail to load.

The question is - is this by design or an oversight ? What is the
danger (from a security perspective) to allow recursion if the
directory path matches the path in the package name?

/Ashok

allow_comments - 1

Fix is in head now too, with lots of other changes to bring this piece of code up to date.
Closing.

Ok. A fix has been committed to the Tcl 8.5 branch, in time for the upcoming 8.5.8.
Fix for head will come in short order. Delayed because I made a number of additional changes to bring the internal up to date with features of 8.5+, and remove crufty weirdness.

Oversight.

File Added - 349432: safe.patch