[cl-json-devel] Problem with latest sbcl
Boris Smilga
boris.smilga at gmail.com
Wed Apr 15 17:40:44 UTC 2009
On Wed, Apr 15, 2009 at 2:13 AM, Henrik Hjelte <henrik at evahjelte.com> wrote:
> Trying the latest patches on todays cvs version of sbcl, 1.0.27.9,
> totally breaks the testcases. Whereas the old version works. So be a
> bit careful to use the darcs version for a while in a stable
> environment.
Uh... That could be SBCL bugs, couldn't it?
To be earnest, I only use Lisp implementations from ports collections
as a general rule, but I'll look into that. I would not be surprised
at seeing s o m e tests fail, but if the breakdown is as massive as
you imply, this is definitely an emergency case.
> Boris, one thing I am not sure about, the security implications of the
> clos decoder. How do you make sure that an evil user doesn't create a
> lispClass ticking-bomb in the lispPackage not-so-secret? Or do I read
> the docs to bad?
No, your concerns are perfectly justified, the manual doesn't really
address this issue. I should write that up.
The simplest way to prevent undesired objects from being created, as
far as I understand, is to define a prohibitive MAKE-OBJECT method
specialized for the (name of) every dangerous class—or, if that better
suits your policy, a general prohibitive method plus a permissive
method for every class guaranteed safe.
- B. Sm.
More information about the cl-json-devel
mailing list