|
| From: | Christian Robert |
| Subject: | Re: [Bug-apl] Safe mode is not so safe |
| Date: | Wed, 29 Mar 2017 00:39:40 -0400 |
| User-agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
Well,
address@hidden:/home/xtian] $ apl --help 2>&1 | fgrep safe
--safe safe mode (no shared vars, no native functions)
what is the meaning of "no native functions" ?
to me the Doc should be updated, or some work done to make it true.
juergen will choose.
Xtian.
On 2017-03-29 00:21, Elias Mårtenson wrote:
I'm implementing an IRC bot that can run arbitrary APL expressions. Since this bot can run code submitted by anyone, I need to ensure that the code can't affect the system where the APL expressions are executed. This is the purpose of the --safe flag, but I have noted that several destructive operations are still permitted when using this flag. In particular: * SQL operations * FILE_IO * )OUT * )DUMP, )DUMPV, )DUMP-HTML * )COPY, )LOAD, etc… * )HOST There is probably more, but preventing these would be a good start. Regards, Elias
| [Prev in Thread] | Current Thread | [Next in Thread] |