Re: gEDA-user: [RFC 1/6] Non-Turing-complete configuration files.
On Sat, Jan 17, 2009 at 5:08 PM, Peter Clifton <pcjc2@xxxxxxxxx> wrote:
>
>> Sorry if I will be too long, but this is an important question.
>> Short version: Don't Do That!
>
> Rebuttal:
>
> Least important reason: Turing complete may present security
> implications.
>
> (BTW: Just saying "sandbox" the interpreter is very easy. Actually doing
> it properly is another matter.)

Well, when it comes to security nothing is easy. But writing a safe
sandboxed Scheme interpreter is not more difficult than writing a safe
configuration parser. Both solutions share the same two risks: parsing
(especially when implemented in C) and accessing exposed
primitives/variables.

> Real crux of the matter: If you accept free-form input, it becomes
> inordinately more difficult to write any sane GUI, or write-back of
> changed config options. (Since the config file might be arbitrarily
> complex).

Fair enough. I'm not particularly attached to the current
configuration mechanism (although setting callbacks without this could
be difficult). I just don't think it is broken or particularly needs
an improvement. Actually, this is currently one of gEDA's
strongest points.

Regards,
-r