Ticket UUID: | 2854929 | |||
Title: | Cannot load Tcl modules with :: in Safe Base interpreters | |||
Type: | Bug | Version: | obsolete: 8.6b1.1 | |
Submitter: | apnadkarni | Created on: | 2009-09-09 05:18:32 | |
Subsystem: | 33. Safe Base | Assigned To: | andreas_kupries | |
Priority: | 5 Medium | Severity: | ||
Status: | Closed | Last Modified: | 2009-11-06 04:01:09 | |
Resolution: | Fixed | Closed By: | andreas_kupries | |
Closed on: | 2009-11-05 21:01:09 | |||
Description: |
Logging this as per Andreas Kupries' direction on c.l.t. Tried on XP, using Active Tcl 8.6b1.1 ------- I've run into an issue with loading Tcl modules into interpreters created with ::safe::interpCreate. I'm not sure whether this is by design or a bug. The following piece of code executes without errors set ip [::safe::interpCreate] $ip eval {package require uri} (uri is a package in tcllib, as is uri::urn) The following errors out $ip eval {package require uri::urn} The uri package is loaded from C:/Tcl/lib/teapot/package/tcl/teapot/ tcl8/8.2/uri-1.2.1.tm whereas the uri::urn package is loaded from C:/Tcl/lib/teapot/package/tcl/ teapot/tcl8/8.4/uri/urn-1.0.2.tm The issue is that the Tcl module loading system maps a package name containing :: to subdirectories and while the safe interpreter's - accessPath contains the .....tcl8/8.2 directory, it does not contain the subdirectory (uri). Consequently, any Tcl modules with :: in the package name fail to load. The question is - is this by design or an oversight ? What is the danger (from a security perspective) to allow recursion if the directory path matches the path in the package name? /Ashok | |||
User Comments: |
andreas_kupries added on 2009-11-06 04:01:09:
allow_comments - 1 Fix is in head now too, with lots of other changes to bring this piece of code up to date. Closing. andreas_kupries added on 2009-11-05 00:56:05: Ok. A fix has been committed to the Tcl 8.5 branch, in time for the upcoming 8.5.8. Fix for head will come in short order. Delayed because I made a number of additional changes to bring the internal up to date with features of 8.5+, and remove crufty weirdness. andreas_kupries added on 2009-11-04 06:02:52: Oversight. andreas_kupries added on 2009-11-04 05:53:07: File Added - 349432: safe.patch |
Attachments:
- safe.patch [download] added by andreas_kupries on 2009-11-04 05:53:07. [details]