From: Rich Salz <rsalz@osf.org>
To: perry@piermont.com
Message Hash: 69290f92328a5039eedfb36e01e7070e8c85019fbd901c38e204ed43b880d78e
Message ID: <9508042112.AA24506@sulphur.osf.org>
Reply To: N/A
UTC Datetime: 1995-08-04 21:14:33 UTC
Raw Date: Fri, 4 Aug 95 14:14:33 PDT
From: Rich Salz <rsalz@osf.org>
Date: Fri, 4 Aug 95 14:14:33 PDT
To: perry@piermont.com
Subject: Re: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
Message-ID: <9508042112.AA24506@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain
>the interpreter is made "safe" is to take a fully working tcl interpreter
>(with full priveleges) at run time, and use TclDeleteCommand() to remove
>offending commands. Safe-TCL is not emasculated at compile time, but at
>run time.
I have been told by folks at Sun that they are planning on doing it at
compile-time as well as at run-time. One of the concerns I conveyed
was that I want to make it easy to "pull out" the safe code and give
it a security audit.
/r$
Return to August 1995
Return to “Rich Salz <rsalz@osf.org>”