Save demo script in a file
and [source] in a trusted
interp:
interp create -safe slave
puts [slave eval {
return -level 0 "I know about [dict get [info frame 0] file]"
}]
This demonstrates filesystem
information leaking in the
safe interp.
Since [glob] is denied to a
safe interp, it seems that such
information is meant to be denied.
Logged In: YES
user_id=72656
Originator: NO
We can filter information with Tcl_IsSafe checks, but what exactly is "secure" info is a gray area.