
Re: gEDA-user: [RFC 1/6] Non-Turing-complete configuration files.



On Fri, Jan 16, 2009 at 10:44 PM, Peter TB Brett <peter@xxxxxxxxxxxxx> wrote:
>
> Currently, the gEDA configuration files are executed by a Scheme
> interpreter. This has a number of flaws:
>
> 1. An error in a configuration file will cause it not to be fully
>   interpreted. This can potentially leave gEDA applications in an
>   unusable state or even cause it not to start at all. Furthermore,
>   this can be confusing to a new user, who might not be familiar with
>   Scheme or the quirks of gEDA configuration and thus more at risk of
>   making mistakes configuring gEDA.

Having a scripting language at hand is one of the most important
features of gEDA. At the moment this feature is not sufficiently
exploited because of limited API and perhaps poor implementation
(guile) but removing it would IMHO be a mistake.

The way to make it more user friendly is to improve and clean up the
API exposed to the user.

> 2. Per-project configuration files may legitimately be required. For
>   instance, they may be used to customize libraries of symbols or
>   hierarchical schematics. However, they currently pose a security risk
>   in that downloading and opening a set of schematics from the Internet
>   can easily result in arbitrary code being executed.

That's a real problem. Personally, I'd like gEDA not to bother with
security at all, not at this stage at least, and allow scripting even
in user's data (so that the user could parametrize his/her design more
flexibly).

This BTW could be done safely by sandboxing the language, i.e. by
interpreting it in its own environment and exposing only limited
functionality (access to the component and parent component
parameters, math functions & constants, perhaps flow control structures)
to the user. Such a limited Scheme interpreter can be implemented
safely and quite easily in Scheme itself.

As far as configuration files are concerned - control is more
important than security. Besides, being able to set an arbitrary
variable is not much safer than executing a guile script.

> My proposal is to use a Scheme-like syntax for the configuration files,
> but to parse rather than execute them. Naturally, it would be necessary
> to design the system carefully to ensure that all configuration
> parameters can be specified in the reduced syntax.

I think this will only shift complexity and security problems to
external scripts and make gEDA itself less flexible.

-r
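As an added illustration of the sandboxed, allowlist-only evaluator described above (this is not code from gEDA or from either author, and it is in Python rather than Scheme): the environment handed to a configuration file contains only arithmetic, comparison and math names, so a form such as `(load ...)` fails with an error rather than running, and a malformed file is reported instead of being half-applied. The setting names used in the sample input are made up for the example.

```python
import math
import operator
class ConfigError(Exception):
    """Malformed input, or a reference to anything outside the allowlist."""
def parse(tokens):  # tokens -> nested lists of ints, floats and symbols
    if not tokens or tokens[0] == ")":
        raise ConfigError("malformed form")
    tok = tokens.pop(0)
    if tok != "(":
        try:
            return float(tok) if "." in tok else int(tok)
        except ValueError:
            return tok  # symbol
    form = []
    while tokens and tokens[0] != ")":
        form.append(parse(tokens))
    if not tokens:
        raise ConfigError("missing ')'")
    tokens.pop(0)
    return form

# Everything a config file may reach; load, system, open-file etc. simply do not exist.
ALLOWED = {"+": operator.add, "-": operator.sub, "*": operator.mul, "/": operator.truediv,
           "<": operator.lt, ">": operator.gt, "sqrt": math.sqrt, "pi": math.pi}
def evaluate(expr, env):
    if isinstance(expr, (int, float)):
        return expr
    if isinstance(expr, str):
        if expr not in env:
            raise ConfigError(f"unknown name: {expr}")
        return env[expr]
    if expr and expr[0] == "define" and len(expr) == 3:  # (define name value)
        env[expr[1]] = evaluate(expr[2], env)
        return None
    if expr and expr[0] == "if" and len(expr) == 4:      # (if test then else)
        return evaluate(expr[2] if evaluate(expr[1], env) else expr[3], env)
    if not expr or not callable(fn := evaluate(expr[0], env)):
        raise ConfigError(f"not callable: {expr}")
    return fn(*(evaluate(arg, env) for arg in expr[1:]))
def load_config(text):  # evaluates every top-level form, returns user-defined settings
    env, tokens = dict(ALLOWED), text.replace("(", " ( ").replace(")", " ) ").split()
    while tokens:
        evaluate(parse(tokens), env)
    return {k: v for k, v in env.items() if k not in ALLOWED}
def rejection_reason(text):  # None if accepted, otherwise the ConfigError message
    try:
        load_config(text)
    except ConfigError as err:
        return str(err)
```

Sample call: `load_config("(define grid-size (* 4 25)) (define trace-width (if (> grid-size 50) 10 5))")` returns `{"grid-size": 100, "trace-width": 10}`, while `rejection_reason('(load "extra.scm")')` returns `"unknown name: load"`.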


_______________________________________________
geda-user mailing list
geda-user@xxxxxxxxxxxxxx
http://www.seul.org/cgi-bin/mailman/listinfo/geda-user