Menu

#4039 Safe base does not handle the new TM module mechanism

obsolete: 8.5.2
closed-fixed
Andreas Kupries
33. Safe Base (21)
7
2008-06-25
2008-06-20
Nicolas Castagne
No

Tcl Modules (TM, see TIP 189, http://tip.tcl.tk/189\) cannot be required from a safe interp.

EG:
% package require math::bigfloat
2.0.1
% ::safe::interpCreate
interp0
% interp eval interp0 "package require math::bigfloat"
can't find package math::bigfloat
% interp eval interp0 "package require math::linearalgebra"
can't find package math::linearalgebra

Since is a problem, since many of the important tcllib package are now provided through the TM mechanism.

The old versions of those packages are correctly loaded in the safe interp... but they are old versions !

According to Andreas Kupries, on the active tcl mail list:
"The code for the 'safe base' was likely not updated to handle searching for TMs... It may also be that the package unknown handler doing the search for TMs is not installed in safe interpreters. I would have to
check the init.tcl file doing that part of the setup."

Also :
"Remember, a big part of the 'package' command, the search for packages, is implemented in Tcl and plugged into the main command via 'package unkown'.
The relevant pieces of the core are in 'init.tcl', which sets up the plugging, 'package.tcl' handling the general package mechanism, and 'tm.tcl' for the Tcl Modules."

Discussion

  • Jeffrey Hobbs

    Jeffrey Hobbs - 2008-06-20

    Logged In: YES
    user_id=72656
    Originator: NO

    Would need backporting as well.

     

  • Jeffrey Hobbs

    Jeffrey Hobbs - 2008-06-20
    • milestone: --> obsolete: 8.5.2
    • summary: Save base does not handle the new TM module mechanism --> Safe base does not handle the new TM module mechanism
    • assigned_to: hobbs --> andreas_kupries
    • priority: 5 --> 7
     

  • Don Porter

    Don Porter - 2008-06-24

    Logged In: YES
    user_id=80530
    Originator: NO

    I think it would be good to get
    this fixed for Tcl 8.5.3.

     

  • Don Porter

    Don Porter - 2008-06-24
    • priority: 7 --> 9
     

  • Andreas Kupries

    Andreas Kupries - 2008-06-24

    Logged In: YES
    user_id=75003
    Originator: NO

    For when is the release of 8.5.3 planned ?

     

  • Andreas Kupries

    Andreas Kupries - 2008-06-24

    Logged In: YES
    user_id=75003
    Originator: NO

    First notes, collected during first investigative sweep.

    - The tcl::tm::UnknownHandler is not activated for safe interps (init.tcl, line 157ff).
    - Activation of the tcl::tm::UnknownHandler shows that it uses a series commands deemed unsafe (file normalize, file exists, glob). (**)
    - The problems with the first two are readily fixed, simply do not use them in a safe interp. Not sure if that is without repercussions, especially with regard to the normalize.
    - Usage of 'glob' however is essential. In the regular package mechanism not having it only kills the search in subdirectories of the auto_path. We can still directly source pkgIndex.tcl in directories, and catch problems. For Tcl Modules we do not have a fixed name. We have to search, i.e. glob. to fix this the safe base has to be extended with a 'safe glob' command, i.e. a restricted form of glob which can look only at the paths registered with the safe base. Or something like that.

    (**) Used
    proc ::log {args} { puts $args }
    safe::setLogCmd ::log
    to get debugging information out of the safe base.

     

  • Donal K. Fellows

    Donal K. Fellows - 2008-06-25

    Logged In: YES
    user_id=79902
    Originator: NO

    Arguably the locating of the package ought to be done in the master.

     

  • Don Porter

    Don Porter - 2008-06-25

    Logged In: YES
    user_id=80530
    Originator: NO

    ok, not the trivial fix I was expecting.

    Still important, but I won't block 8.5.3 for it.

     

  • Don Porter

    Don Porter - 2008-06-25
    • priority: 9 --> 7
     

  • Andreas Kupries

    Andreas Kupries - 2008-06-25

    Logged In: YES
    user_id=75003
    Originator: NO

    Patch attached.
    File Added: tm-safe-base.patch

     

  • Andreas Kupries

    Andreas Kupries - 2008-06-25

    Patch to make TMs work in the safe base

     
    tm-safe-base.patch

  • Andreas Kupries

    Andreas Kupries - 2008-06-25
    • status: open --> closed-fixed
     

  • Andreas Kupries

    Andreas Kupries - 2008-06-25

    Logged In: YES
    user_id=75003
    Originator: NO

    Committed to both head and 8.5 branch, test suite updated for the changes (the latter primarily dgp).

    Regarding 'locating of the package ought to be done in the master', that would have required a larger redesign of the safe base I think. The handling of the virtual to real path translation would change, and each 'package require' by the slave would have to reconfigure the package management in the master if the set of search paths is restricted, i.e. the slave not allowed to see all packages, only some, and/or in some specific corner of the fs just for them. For that having the code doing the locatingi n the slave and configured for the restrictions is much easier than having to switch the master around. IMHO.

     

  • Daniel A. Steffen

    Daniel A. Steffen - 2008-06-25

    Logged In: YES
    user_id=90580
    Originator: NO

    note that install-libraries in unix/Makefile.in appends a [::tcl::tm::roots] command to tm.tcl when TCL_MODULE_PATH is defined, is that command ok in a safe interp, or should it also have an [if {![interp issafe]}] check around it?

     

  • Andreas Kupries

    Andreas Kupries - 2008-06-26

    Logged In: YES
    user_id=75003
    Originator: NO

    Should have a check around it.
    I forgot about that place.