
Re: Guile bugs


From: Ludovic Courtès
Subject: Re: Guile bugs
Date: Mon, 11 Sep 2017 13:34:46 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Hi Marko,

Marko Rauhamaa <address@hidden> skribis:

> address@hidden (Ludovic Courtès):
>
>> I don’t know to what extent that is applicable to your software, but my
>> recommendation would be to treat that network socket as a Scheme port,
>> pass it to ‘read’, and pass the result to ‘eval’ (as opposed to reading
>> the whole string from C++ and passing it to ‘scm_eval_string’.)
>
> Octet stream sockets break the stream at arbitrary locations. Eval isn't
> going to like it if you blindly hand bytes over to it. You first need to
> break the stream into complete S-expressions.

Sure, that’s what the ‘read’ part above does.

> Secondly, this lucrative pattern can be very dangerous as it allows
> arbitrary code to be executed at the peer end. In most applications, it
> is better to interpret the S-expressions explicitly.

Definitely.  I’m not saying eval-over-the-network is a good thing to do
in general, mind you!  :-)

Ludo’.
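
The two points in the exchange above, as an added example that is not part of the original message: `read` takes one complete S-expression at a time off a port, and each datum is then interpreted against an explicit allowlist instead of being handed to `eval`. The request names, the counter state and the sample input are assumptions constructed for illustration, and a string port stands in for the socket port.

```scheme
;; Added example, not code from the thread.  Requires Guile.
(use-modules (ice-9 match))

;; Hypothetical application state, for illustration only.
(define counter 0)

;; Unique marker returned when `read' fails; a fresh list cannot collide
;; with any datum the peer sends, because it is compared with `eq?'.
(define %malformed (list 'malformed))

(define (handle-request form)
  "Treat FORM purely as data.  Only the shapes listed here are accepted."
  (match form
    (('ping) 'pong)
    (('add (? exact-integer? n))
     (set! counter (+ counter n))
     `(ok ,counter))
    (('get) `(ok ,counter))
    ;; Everything else, including forms `eval' would happily run.
    (_ '(error unknown-request))))

(define (safe-read port)
  "Read one datum from PORT, or return %malformed on a reader error."
  (catch #t
    (lambda () (read port))
    (lambda _ %malformed)))

(define (serve port)
  "Handle requests from PORT until EOF or a reader error; return the replies."
  (let loop ((replies '()))
    (let ((form (safe-read port)))
      (cond ((eof-object? form) (reverse replies))
            ;; The stream can no longer be framed reliably, so stop here.
            ((eq? form %malformed)
             (reverse (cons '(error malformed) replies)))
            (else (loop (cons (handle-request form) replies)))))))

;; Constructed sample input: several requests on one line, one request
;; that names a real procedure, and a final request cut off mid-expression.
(define sample-input
  "(ping) (add 2)\n(add 40) (getenv \"HOME\") (get) (add 1")

(for-each (lambda (reply) (write reply) (newline))
          (call-with-input-string sample-input serve))
```

On a socket port, `read` waits for the rest of an incomplete expression rather than failing, so the truncated final request only becomes an error once the peer closes the connection.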


