REBOL 3.0

Comments on: Too much security on non-Windows releases

Carl Sassenrath, CTO
REBOL Technologies
7-Oct-2009 19:40 GMT

Article #0263
Main page || Index || Prior Article [0262] || Next Article [0264] || 3 Comments || Send feedback

With the release of A87 on OS X and Linux, a little problem pops up:

carl@ubuntu: ./r3 test.r
...
Evaluating: test.r
** Access error: security violation: %../test.r
...

Well, that's the ultimate security, isn't it? You don't get to run anything. This of course is a bug. You should be able to run your scripts from the command line arguments.

The work-around for your own trusted scripts is to use the -s option:

carl@ubuntu: ./r3 -s test.r

You can add back some security in your rebol.r file with a line like:

secure [file quit %./ allow]

We'll research the problem and get this fixed, hopefully by the next release.

3 Comments

Comments:

Brian Hawley
7-Oct-2009 17:13:30
Already fixed 2 weeks ago in DevBase. Guess you've been busy with native code. Please review the submissions and include them in the next release.
Carl Sassenrath
9-Oct-2009 0:29:47
Thanks Brian... yes, been "parse crazy". Will grab them.
Carl Sassenrath
10-Oct-2009 23:39:56
I only see a single line change in mezz-intrinsics.r -- and that's a fix I've already made in A87 (differently, due to parsing of the args to be R2 compatible.)

I'll research this a bit more before doing the A88 builds for Linux and OS X. It's not immediately clear, but could be related to startup directories or such settings.

Post a Comment:

You can post a comment here. Keep it on-topic.

Name:

Blog id:

R3-0263


Comment:


 Note: HTML tags allowed for: b i u li ol ul font span div a p br pre tt blockquote
 
 

This is a technical blog related to the above topic. We reserve the right to remove comments that are off-topic, irrelevant links, advertisements, spams, personal attacks, politics, religion, etc.

REBOL 3.0
Updated 17-Oct-2017 - Edit - Copyright REBOL Technologies - REBOL.net