From: Donal K. F. <don...@ma...> - 2006-11-29 09:01:27
Carsten Gosvig wrote:
>>After reading the comments on TIP#273 and rethinking my proposal, I
>>admit that it has some serious security flaws.
>>
>>I just think that it should be possible to have this kind of feature
>>and still be backward security compatible in some way.
>>
>>Doesn't anyone have some suggestion, instead of just rejecting the proposal?

The proposal, as written, has no way to be fixed, as it means that there is no way to get a numeric value of something untrusted without extraordinary effort, and that the usual trick of [expr {int($x)}] is unsafe. Given that, there's no reason to do anything other than Reject.

All is not lost though. Independent of this, there has been quite a bit of work put in to make it so that 8.5 will have a whole new way of processing expressions. In particular, with only minor preceding incantations it will be possible to use a very LISP-like syntax for the sorts of expressions that you're interested in:

    set foo [lindex $bar end-[int [lindex $boo [+ [* $stride $x] $y]]]]

OK, that's a very contrived example. But it does indicate that there are alternatives. (There's also a whole new way of creating functions using commands so that the embedding the other way round is smoother too.) The relevant TIPs are #174 and #232.

Donal.
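
Added example (not part of the original message): the [expr {int($x)}] coercion of untrusted input mentioned above, combined with the prefix-style expression from the message. It assumes Tcl 8.5 or later and that the "minor preceding incantations" are a namespace path onto ::tcl::mathop and ::tcl::mathfunc; the helper to_int and all sample data are hypothetical and constructed here.

```tcl
# Assumption: Tcl 8.5+, where operators and math functions exist as commands.
namespace path {::tcl::mathop ::tcl::mathfunc}

# Hypothetical helper: coerce an untrusted string to an integer, or fail.
proc to_int {x} {
    # The expression is braced, so expr substitutes $x as a plain value;
    # the string is never re-parsed as Tcl script.
    if {[catch {expr {int($x)}} n]} {
        return -code error "not a number: [list $x]"
    }
    return $n
}

# Constructed sample data.
set boo    {10 11 12 13 14 15}
set bar    {a b c d e f g h i j k l m n o p}
set stride 2

# Constructed (x, y) pairs: two well-formed, two carrying script text.
foreach {x y} {1 1  2 0  {[exit]} 0  1 {1; puts pwned}} {
    if {[catch {
        set xi [to_int $x]
        set yi [to_int $y]
        # The expression from the message, fed only validated integers.
        set foo [lindex $bar end-[int [lindex $boo [+ [* $stride $xi] $yi]]]]
    } err]} {
        puts "rejected: $err"
    } else {
        puts "x=$xi y=$yi -> $foo"
    }
}
```

The two pairs containing script text are rejected by to_int without any of that text being evaluated, which is the property the message says the proposal would have removed.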