Re: [TCLCORE] TIP 702 - static linking for registry and dde

[Kevin K. <kev...@gm...>]

On Sun, Oct 20, 2024 at 7:26 AM Jan Nijtmans <jan...@gm...> wrote:

>
> I hope I will not the only one to be objecting, but here are my reasons:
> 1) dde and registry are 'dangerous' extensions. Dde has the same
> functionality as the "send" command,
>     which was disabled due to security concerns. Registry makes it
> possible to read and write
>     registry settings, which could also make the computer screw up
> completely. Separating
>     them would make it possible to remove them, if some application
> doesn't need it.
>

For what it's worth, I've never used 'dde' to have Tcl accept DDE
transactions. I've used it only to inject commands into foreign
applications. (I seldom need dde for that any more. Tcom and Twapi do what
I need, and do it better.)

'dde' and 'send' did have severe security implications because of the
danger of code injection from another application on the machine.  The same
argument doesn't apply to the use of 'dde' to command foreign applications
or of 'registry' to modify registry settings. Issuing a command to a
foreign app, or querying or adjusting the registry, is under the full
control of the programmer.  It doesn't hand the reins to an unrelated
application.

Registry actions are kind of required.  On Windows, for instance, as you
observe, [clock] needs to query the registry for time zone and locale
information. I don't see why it should be any different whether the query
originates in a Tcl script or a C wrapper function. We've generally
operated on the principle of having the language provide to users
everything that the library can do.

Tcl scripts have access to the filesystem and to [exec], both of which
already provide ample ways to screw up the computer.


-- 
73 de ke9tv/2, Kevin