[Ecls-list] Kamen Lisp update, questions
Dustin Long
dlong at stevens.edu
Wed Apr 25 15:40:43 UTC 2007
Thibault Langlois wrote:
>> Now I have some questions, if I may:
>>
>> 1) For the security model, are there any other dangerous symbols I
>> missed? I know there's at least a few I noticed at the last minute but
>> forgot to include. But I'd like to make sure I get them for the next
>> release.
>>
>>
>
> I think INTERN and MAKE-SYMBOL should be avoided:
>
> (mapc #'(lambda (p) (funcall (intern "DELETE-FILE") p))
>       (funcall (intern "DIRECTORY") "/home/user/*"))
>
> :-/
>
> Thibault
>
>
No, they don't need to be; this sort of thing will not work. The
security checks are at the implementation level, so it doesn't matter
how the functions are called. The code in the core library which
implements "directory", as well as "delete-file", is where the check
happens, so it is impossible to circumvent using lisp tricks.
Dustin
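
The difference discussed in this exchange, as an added Common Lisp example that is not part of the original message and is not Kamen Lisp or ECL code: a filter over symbol names misses a call built with INTERN, while a check inside the primitive applies however the call is reached. The SANDBOX package, the *UNTRUSTED* flag, FORM-MENTIONS-P, RUN-UNTRUSTED and the stubbed DELETE-FILE are assumptions made for illustration.

```lisp
;;; Constructed example. All names below are hypothetical; the stub
;;; DELETE-FILE only records the path and never touches the filesystem.
(defpackage :sandbox
  (:use :cl)
  (:shadow #:delete-file))
(in-package :sandbox)

(defvar *untrusted* nil "True while untrusted code is being evaluated.")
(defvar *deleted* '() "Paths the stub was allowed to 'delete'.")

(define-condition security-violation (error) ())

;; Check at the implementation level: it sits inside the primitive,
;; so every route to the function passes through it.
(defun delete-file (path)
  (when *untrusted*
    (error 'security-violation))
  (push path *deleted*)
  t)

;; Check at the source level: walk a form looking for banned symbols.
(defun form-mentions-p (form banned)
  (cond ((symbolp form) (and (member form banned) t))
        ((consp form) (or (form-mentions-p (car form) banned)
                          (form-mentions-p (cdr form) banned)))
        (t nil)))

;; Direct call: the banned symbol appears in the form.
(defparameter *direct* '(delete-file "/tmp/constructed-example"))
;; Indirect call: the name is only a string until run time.
(defparameter *indirect*
  '(funcall (intern "DELETE-FILE" :sandbox) "/tmp/constructed-example"))

(defun run-untrusted (form)
  "Evaluate FORM with the untrusted flag set; return :DENIED on a violation."
  (let ((*untrusted* t))
    (handler-case (eval form)
      (security-violation () :denied))))

(dolist (form (list *direct* *indirect*))
  (format t "~s~%  symbol filter flags it: ~a~%  guarded primitive: ~a~%"
          form
          (form-mentions-p form '(delete-file))
          (run-untrusted form)))
```

The symbol filter flags only the direct form, while the guarded primitive returns :DENIED for both and *DELETED* stays empty.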