World: r3wp
[!REBOL3]
older newer | first last |
BrianH 8-Apr-2011 [7811x2] | Do we need the alpha/beta label removed for just the r3lib changes? It might be worth labeling as a separate product, so we can work on the host/extension stuff ourselves. |
I narrowed down 1825/1865 to the minimal code. I'll comment them accordingly. | |
Andreas 8-Apr-2011 [7813x2] | Tried on Linux or OSX as well? |
(Just privmsg me and I can try it quickly.) | |
BrianH 8-Apr-2011 [7815] | I rewrote http://issue.cc/r3/1865to match the real cause. Here's the code: resolve/extend/only context [] context [a1: a2: a3: a4: a5: a6: none] [a] If you all would try it on other platforms than Windows, that would help. On Windows you need 6 or more words in the source context to cause the bug. If that number is different for other platforms, it would be helpful to know. |
Andreas 8-Apr-2011 [7816] | Crashes on Linux and OSX as well. |
BrianH 8-Apr-2011 [7817] | The names of the words don't matter, nor does whether the word in the /only block is one of them or not. There needs to be at least one word in the /only block to crash. |
Andreas 8-Apr-2011 [7818x4] | But it's not "6 or more", it's precisely 6. |
Maybe even multiples of 6. | |
Nah, appears to be basically random. | |
Well, thanks for reducing it. | |
BrianH 8-Apr-2011 [7822] | Please note this in a ticket comment. It might be related to the sequence. In a fresh console on Windows, 6 will work every time. |
Andreas 8-Apr-2011 [7823x2] | 6 works on Linux and OSX on a fresh console every time as well. |
7 crashes both after the third call. | |
Maxim 8-Apr-2011 [7825] | so its probably heap corruption. |
BrianH 8-Apr-2011 [7826] | Updated the description related to the number. |
Andreas 8-Apr-2011 [7827x2] | Certainly looks like a memory corruption issue from the outside, yes. |
Will be much easier to pin down from the inside. | |
BrianH 8-Apr-2011 [7829x2] | The heap corruption might be the cause of #1207 as well. |
Sorry, I meant #1806. | |
GrahamC 9-Apr-2011 [7831x2] | Where exactly is one supposed to store user specific data for scripts eg. userid and passwords |
for esmtp etc | |
Kaj 9-Apr-2011 [7833] | We've talked about it before. It isn't defined yet |
GrahamC 9-Apr-2011 [7834] | Is this something we can define then? Reach a concensus? |
Kaj 9-Apr-2011 [7835] | Probably |
GrahamC 9-Apr-2011 [7836x2] | Anyone with a suitable suggestion? |
I'm suggesting a couple of wrapper functions to return userid and password etc so that these can be changed if the store system changes | |
Kaj 9-Apr-2011 [7838] | That's a good principle |
BrianH 9-Apr-2011 [7839x2] | The only consensus we reached was that %user.r would be a good place to store preferences, and that it should only store data. Executable code would be prohibited in %user.r, and screened for. But we never started the discussion of how the preference data would be formatted or managed. |
The no-executable-code thing is a security issue. R2's treatment of %rebol.r and %user.r is a big hole. | |
GrahamC 9-Apr-2011 [7841x2] | So, do we have a plan .. ?? |
Andreas is collecting blocks .. | |
BrianH 9-Apr-2011 [7843x7] | These settings shouldn't go into system/user in R3, they should go in system/options/user. The system object will be task-specific, but the options are probably going to be global. And system/options/user might best be a map!, with categorized options in sub- maps, blocks or objects, depending on the situation. Or better yet just sub-maps, with the serialized preferences in blocks of name-value pairs so they can be parsed, and converted to maps at runtime. |
system/options/user: make map! [ category1 #[map! [ option1 "value1" ... ] ... ] | |
Two-level category-options, and then the values could be any type you want. Screen thoroughly for evil values. | |
The %user.r serialization of this data should be human-writeable and loaded with LOAD, not DO. | |
The advantage to serializing directly in SAVE/all form is speed. The disadvantages are: - The preferences file would be uglier to write by hand than block form. - You would have to screen with ASSERT/type in FOREACH instead of PARSE. | |
But the slowness of validating would be offset by the speed of loading and saving, so it might be worth it. | |
Another disadvantage is that loading errors are currently harder to recover from with serialized constructors than they are with normal literal values like blocks. There's a ticket about this already. However, if you are loading the entire preference file in one go and just catching the error with TRY, there's no difference in the error handling. | |
Ladislav 10-Apr-2011 [7850x6] | The only consensus we reached was that %user.r would be a good place to store preferences, and that it should only store data. Executable code would be prohibited in %user.r, and screened for. - frankly, that decision never made sense to me. |
In my opinion, it is not more secure at all. | |
...and I am afraid, that it is not hard to prove | |
...serialized constructors... - For me, the terminology is quite unfortunate, because "1 2" is not "more serialized" than "#[false] #[true]" I still do not understand, why it is so important to pretend the opposite. | |
Such an approach just leads to bugs. | |
Instead of saying 'not "more serialized"', I should have said 'not "more or less serialized"' | |
Reichart 10-Apr-2011 [7856] | Interesting point. I would suspect the goal is to have the first, or top level be "code free", such that it is just settings. But then, if you "want" you can call upon other files that contain code. As a concept it sounds smart, which is unrelated to the reality that it might not be possible. So, "is it" possible. |
BrianH 10-Apr-2011 [7857x3] | Serialized constructors as opposed to serialized values. I used the "constructors" term to emhpasize the difference because the important distinction in that statement is the additional code that those constructions run in the loading process, beyond that in TRANSCODE itself. See http://issue.cc/r3/1857for the bug in question. |
The security issue is to not have a file that is done automatically be writeable using the same permissions that the scripts are run under. It's a way to prevent worms. | |
The real distinction is between serialized constructors: #[map! [a 1]] and programmatic constructors that you have to DO: make map! [a 1] | |
Ladislav 10-Apr-2011 [7860] | The security issue is to not have a file that is done automatically be writeable using the same permissions that the scripts are run under. - I do not have any problem to agree with that. But, in my opinion, this does not require to ban files, that are done automatically. Rather, we should make it possible to define special rights for such files. |
older newer | first last |