World: r3wp
[Core] Discuss core issues
Volker 6-Jan-2006 [3094x2] | but making a shortcut or menu-entry instead, is that too difficult? |
Then encap? | |
Pekr 6-Jan-2006 [3096] | I will simply accept the rule that I should not develop outside my sandbox, or it gets denerving :-) |
Volker 6-Jan-2006 [3097x4] | Or the cruel trick: put script in c:\ . then everything is in a subfolder. except of the 25 other letters. |
I personally like the requesters. It's so easy to accidentally click. Then I can say "No don't delete this!" | |
(click and launch one of these half-baked test-scripts I mean) | |
For that total commander: is a bat too terrible? | |
Pekr 6-Jan-2006 [3101] | ah, bat could be a solution, yes, thanks ... |
MichaelB 6-Jan-2006 [3102] | Jaime: I checked your code above: first I thought it's not possible, then I thought wow, but I got one thing left that doesn't work: You're using the 'class word to bind the code of the functions of an object later to the right object - this doesn't work, because 'class is always bound to the function context and thus has the last object referenced - in your example no problem, because the code is the same - but with different code doesn't work anymore - maybe with one of the closures it would work - because 'class gets always bound to a new context (but I'm not sure yet whether I understand it right)
    CounterClass2: context [
        d: 0
        bump2: does [d: d + 1]
        read2: does [d]
        bump-by2: func [inc][d: d + inc]
    ]
    ctr1: make-instance CounterClass
    ctr2: make-instance CounterClass2
    ctr1/bump
    ctr1/bump
    ctr1/read
    ctr2/bump2
    ctr2/read2
fails, because at ctr1/bump, class is bound to object CounterClass2 which has only bump2. So if this gets sorted out - it seems to be really difficult to access the hidden contexts (or impossible, because after invoking the function the contexts are gone) |
JaimeVargas 6-Jan-2006 [3103x5] | Humm. This is strange. Let me check it here. |
Solved. See below. | |
    make-instance: func [
        class [object!]
        /local class-vars instance-data class-methods v
    ][
        class-vars: copy [*-private-*]
        class-methods: copy []
        instance-data: copy []
        foreach w next first class [
            either function! = type? v: get in class :w [
                append class-methods compose/deep [
                    (to set-word! :w) func [(first :v)] [
                        bind second get in (:class) (to lit-word! :w) '*-private-*
                        do reduce [get in (:class) (to lit-word! :w) (first :v)]
                    ]
                ]
            ][
                append class-vars :w
                append instance-data reduce [to set-word! :w :v]
            ]
        ]
        use class-vars compose/deep [
            (instance-data)
            context [(class-methods)]
        ]
    ] | |
The beauty of this is that you are able to change a class method, changing the behaviour of all instances at the same time. | |
While the private state vars are kept private, and current. | |
MichaelB 6-Jan-2006 [3108x2] | yes - that's good now. I just have to try to access the object in malicious ways - if it's not possible then this is the first time I see (doesn't have to mean anything of course) completely hidden data of an object. |
So we could make some rules how to make data completely invisible:
a) all words to be used later have to be used indirect via words in the function (like the traversing of the object's words via [foreach w next first 'object ... ])
b) if that's not possible the words used in the function (if they expose any context) have to be cleaned by a use which doesn't return the context
b) is actually the really smart thing to me - the 'use and the returning of the new context in 'use - so one can't catch the 'use context and get the words with the usual means | |
JaimeVargas 6-Jan-2006 [3110] | However there is a way to access the private ctx. It is left as an exercise to the reader. |
Volker 6-Jan-2006 [3111x2] | If you have access to a function-body you can get the values of all words. Still it is a lot obfuscated. |
Oops. Saw your last posting was too late, sorry. | |
JaimeVargas 6-Jan-2006 [3113] | Actually there is a way to improve this which will make it 100% secure, but it will lose a different property. |
MichaelB 6-Jan-2006 [3114] | Ok, me as the reader is searching then, at least it's not too obvious or I'm too blind today. :-) |
JaimeVargas 6-Jan-2006 [3115] | ;-) |
MichaelB 6-Jan-2006 [3116] |
    >> ctr1/read
    == 2
    >> ctr1/bump
    == 3
    >> bl: [c]
    == [c]
    >> f: get in ctr1 'read
    >> o: third tenth second :f
    >> bind bl first second get in o 'read
    == [c]
    >> set first bl 12
    == 12
    >> ctr1/read
    == 12
:-) But how do you want to prevent this? I mean what property you talked about would get lost? |
JaimeVargas 6-Jan-2006 [3117] | Good job. The property lost will be the ability to change a class method and propagate the new behaviour to all instances at the same time. |
MichaelB 6-Jan-2006 [3118] | Just saw - a little bit easier would have been to do it with *-private-*. |
JaimeVargas 6-Jan-2006 [3119] | Now you got it completely. That is the backdoor. |
Volker 6-Jan-2006 [3120] | I have access to global context, can patch functions there (which you use - or?) and traverse everything. Hmm, could clone all meazines and never return. then the only reference is from the stack, which is not traversable. |
MichaelB 6-Jan-2006 [3121x2] | behavior change: you mean by copying the code and hiding it in a 'use ? |
or something like that ? | |
JaimeVargas 6-Jan-2006 [3123] | Yes. |
MichaelB 6-Jan-2006 [3124] | That's my problem with Rebol, on the one side I hate this vulnerability, on the other side it's so nice to be able to bind around like wished. |
JaimeVargas 6-Jan-2006 [3125x3] | Well ObjC allows you to bind to anything and introspect anything. So I think all is good. |
Here is the safe version: | |
    CounterClass: context [
        c: 0
        bump: does [c: c + 1]
        read: does [c]
        bump-by: func [inc][c: c + inc]
    ]

    make-instance: func [
        class
        /local class-vars instance-data class-methods v
    ][
        class-vars: copy [*-private-*]
        class-methods: copy []
        instance-data: copy []
        foreach w next first class [
            either function! = type? v: get in class :w [
                append class-methods compose/deep [
                    (to set-word! :w) func [(third :v)] [
                        (bind copy second get in class (to lit-word! :w) '*-private-*)
                    ]
                ]
            ][
                append class-vars :w
                append instance-data reduce [to set-word! :w :v]
            ]
        ]
        use class-vars compose/deep [
            (instance-data)
            context [(class-methods)]
        ]
    ]

    ctr1: make-instance CounterClass
    ctr2: make-instance CounterClass
    ctr1/bump
    ctr1/bump
    ctr1/read
    ctr2/bump
    ctr2/read | |
MichaelB 6-Jan-2006 [3128] | I didn't know this - thought always only a highly dynamic language would allow this - but never watched ObjC - thought it's also kind of C++ - just that they went into a different direction at some point, more pure OO. |
Volker 6-Jan-2006 [3129] | The object-part is quite Smalltalk afaik. Only they skip the bytecode-interpreter and "inline" the calls to C. |
JaimeVargas 6-Jan-2006 [3130] | Correct. |
MichaelB 6-Jan-2006 [3131] | unfortunately easier: :-( so my thoughts seemed to be wrong as well
    >> f: get in ctr1 'read
    >> ctr1/read
    == 2
    >> set first second :f 12
    == 12
    >> ctr1/read
    == 12 |
Volker 6-Jan-2006 [3132] | If the interpreter can find a way from the console to the access, a selfmade "interpreter" can find it too. |
MichaelB 6-Jan-2006 [3133x2] | I think the problem is simply that one can't really prevent the use of the words in the code of the functions in the object. |
Jep. | |
JaimeVargas 6-Jan-2006 [3135] | MichaelB. I thought I have done it. Ok. It was a good try. I like the first version though. It enables for some neat stuff. Even when having some holes. |
MichaelB 6-Jan-2006 [3136] | Volker: actually your explanation sounds almost like a proof to forget it completely. Too simple - but Rebol is all about words getting interpreted. |
Volker 6-Jan-2006 [3137] | I think that is no big problem. If you give code-control, you are doomed anyway. Hmm, could be used to have a password to login and destroy it reliably. The secure way is to launch an external process to run user-code IMHO. Add 'secure unset 'struct! and hope there are no overflows. Should be pretty safe. |
MichaelB 6-Jan-2006 [3138] | Jaime: I saved your code - it's nice nevertheless. :-) |
Volker 6-Jan-2006 [3139x2] | Not completely - the code still needs access to the global context. If you bind every word in an own context and put selected functions there, it would work. Still tricky, for example 'second can not be exposed, else you get the function's body. I may forget other issues. |
BTW would be nice if secure would support ulimit-calls. | |
MichaelB 6-Jan-2006 [3141x2] | That's one of my problems if I would like to have capability security in Rebol - all these omnipotent (is this the right word?) words, shouldn't be allowed - eg. only if my code gives out the right to introspect itself something like 'second should be callable. |
what does that mean ? the secure thing ? | |
Volker 6-Jan-2006 [3143] | something like secure [file quit %./public allow memory 2000 timeout 2] |