Ticket UUID: 1999119
Title: Safe base does not handle the new TM module mechanism
Type: Bug
Version: obsolete: 8.5.2
Submitter: nicolascastagne
Created on: 2008-06-20 20:32:00
Subsystem: 33. Safe Base
Assigned To: andreas_kupries
Priority: 7 High
Severity:
Status: Closed
Last Modified: 2008-06-26 09:32:20
Resolution: Fixed
Closed By: andreas_kupries
Closed on: 2008-06-25 17:55:29

Description:
Tcl Modules (TM, see TIP 189, http://tip.tcl.tk/189) cannot be required from a safe interp. E.g.:

    % package require math::bigfloat
    2.0.1
    % ::safe::interpCreate interp0
    % interp eval interp0 "package require math::bigfloat"
    can't find package math::bigfloat
    % interp eval interp0 "package require math::linearalgebra"
    can't find package math::linearalgebra

This is a problem, since many of the important tcllib packages are now provided through the TM mechanism. The old versions of those packages are correctly loaded in the safe interp... but they are old versions!

According to Andreas Kupries, on the active tcl mail list:

"The code for the 'safe base' was likely not updated to handle searching for TMs... It may also be that the package unknown handler doing the search for TMs is not installed in safe interpreters. I would have to check the init.tcl file doing that part of the setup."

Also:

"Remember, a big part of the 'package' command, the search for packages, is implemented in Tcl and plugged into the main command via 'package unknown'. The relevant pieces of the core are in 'init.tcl', which sets up the plugging, 'package.tcl' handling the general package mechanism, and 'tm.tcl' for the Tcl Modules."
User Comments:

andreas_kupries added on 2008-06-26 09:32:20:
Logged In: YES user_id=75003 Originator: NO

Should have a check around it. I forgot about that place.

das added on 2008-06-26 02:25:17:
Logged In: YES user_id=90580 Originator: NO

Note that install-libraries in unix/Makefile.in appends a [::tcl::tm::roots] command to tm.tcl when TCL_MODULE_PATH is defined. Is that command ok in a safe interp, or should it also have an [if {![interp issafe]}] check around it?

andreas_kupries added on 2008-06-26 00:55:29:
Logged In: YES user_id=75003 Originator: NO

Committed to both head and 8.5 branch, test suite updated for the changes (the latter primarily dgp).

Regarding 'locating of the package ought to be done in the master', that would have required a larger redesign of the safe base I think. The handling of the virtual to real path translation would change, and each 'package require' by the slave would have to reconfigure the package management in the master if the set of search paths is restricted, i.e. the slave not allowed to see all packages, only some, and/or in some specific corner of the fs just for them. For that, having the code doing the locating in the slave and configured for the restrictions is much easier than having to switch the master around. IMHO.

andreas_kupries added on 2008-06-25 22:57:34:
File Added - 282621: tm-safe-base.patch
Logged In: YES user_id=75003 Originator: NO

Patch attached.
File Added: tm-safe-base.patch

dgp added on 2008-06-25 21:47:46:
Logged In: YES user_id=80530 Originator: NO

ok, not the trivial fix I was expecting. Still important, but I won't block 8.5.3 for it.

dkf added on 2008-06-25 18:36:20:
Logged In: YES user_id=79902 Originator: NO

Arguably the locating of the package ought to be done in the master.

andreas_kupries added on 2008-06-25 01:17:05:
Logged In: YES user_id=75003 Originator: NO

First notes, collected during first investigative sweep.

- The tcl::tm::UnknownHandler is not activated for safe interps (init.tcl, line 157ff).
- Activation of the tcl::tm::UnknownHandler shows that it uses a series of commands deemed unsafe (file normalize, file exists, glob). (**)
- The problems with the first two are readily fixed, simply do not use them in a safe interp. Not sure if that is without repercussions, especially with regard to the normalize.
- Usage of 'glob' however is essential. In the regular package mechanism not having it only kills the search in subdirectories of the auto_path. We can still directly source pkgIndex.tcl in directories, and catch problems. For Tcl Modules we do not have a fixed name. We have to search, i.e. glob. To fix this the safe base has to be extended with a 'safe glob' command, i.e. a restricted form of glob which can look only at the paths registered with the safe base. Or something like that.

(**) Used

    proc ::log {args} { puts $args }
    safe::setLogCmd ::log

to get debugging information out of the safe base.

andreas_kupries added on 2008-06-24 23:22:14:
Logged In: YES user_id=75003 Originator: NO

For when is the release of 8.5.3 planned?

dgp added on 2008-06-24 21:29:28:
Logged In: YES user_id=80530 Originator: NO

I think it would be good to get this fixed for Tcl 8.5.3.

hobbs added on 2008-06-21 04:13:07:
Logged In: YES user_id=72656 Originator: NO

Would need backporting as well.

nicolascastagne added on 2008-06-21 03:35:27:
Logged In: YES user_id=1258423 Originator: YES

See also discussion on comp.lang.tcl
http://groups.google.com/group/comp.lang.tcl/browse_thread/thread/3e15e20b001e6ecf

Attachments:
- tm-safe-base.patch added by andreas_kupries on 2008-06-25 22:57:34.
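
The 'safe glob' idea from the first investigative notes, a glob that can look only at directories registered for the safe interp, sketched as an added example; this is not the attached tm-safe-base.patch and not Tcl core code. The ::demo namespace, the token TM0 and the demo directory are assumptions, and the sketch searches only the registered directory itself, not subdirectories.

```tcl
# Added illustration: a restricted glob exposed to a safe interp as an alias.
# The child only ever sees tokens; the real directory stays in the master.
namespace eval ::demo {
    variable roots   ;# (child,token) -> real directory
    array set roots {}
}

# Runs in the master. Accepts only: glob ?-nocomplain? -directory <token> <pattern>
proc ::demo::Glob {child args} {
    variable roots
    set nocomplain 0
    if {[lindex $args 0] eq "-nocomplain"} {
        set nocomplain 1
        set args [lrange $args 1 end]
    }
    if {[llength $args] != 3 || [lindex $args 0] ne "-directory"} {
        return -code error "permission denied"
    }
    lassign $args _ token pattern
    if {![info exists roots($child,$token)]} {
        return -code error "permission denied"
    }
    # The pattern must stay inside the directory: no separators, no leading tilde
    if {[regexp {[/\\]} $pattern] || [string index $pattern 0] eq "~"} {
        return -code error "permission denied"
    }
    set out {}
    foreach f [glob -nocomplain -tails -types f \
                   -directory $roots($child,$token) -- $pattern] {
        lappend out $token/$f   ;# hand back virtual paths only
    }
    if {![llength $out] && !$nocomplain} {
        return -code error "no files matched glob pattern \"$pattern\""
    }
    return $out
}

# Constructed demo: one module directory holding an empty dummy module file
set dir [file join [pwd] demo_tm_root]
file mkdir $dir
close [open [file join $dir hello-1.0.tm] w]
set child [interp create -safe]
set ::demo::roots($child,TM0) $dir
interp alias $child glob {} ::demo::Glob $child

puts [interp eval $child {glob -directory TM0 *.tm}]               ;# allowed
puts [catch {interp eval $child {glob -directory /etc *}} msg]     ;# unregistered dir
puts [catch {interp eval $child {glob -directory TM0 ../*}} msg]   ;# escaping pattern
file delete -force $dir
```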