r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

[!REBOL3]

BrianH
8-Apr-2011
[7815]
I rewrote http://issue.cc/r3/1865to match the real cause. Here's 
the code:

    resolve/extend/only context [] context [a1: a2: a3: a4: a5: a6: none] 
    [a]

If you all would try it on other platforms than Windows, that would 
help. On Windows you need 6 or more words in the source context to 
cause the bug. If that number is different for other platforms, it 
would be helpful to know.
Andreas
8-Apr-2011
[7816]
Crashes on Linux and OSX as well.
BrianH
8-Apr-2011
[7817]
The names of the words don't matter, nor does whether the word in 
the /only block is one of them or not. There needs to be at least 
one word in the /only block to crash.
Andreas
8-Apr-2011
[7818x4]
But it's not "6 or more", it's precisely 6.
Maybe even multiples of 6.
Nah, appears to be basically random.
Well, thanks for reducing it.
BrianH
8-Apr-2011
[7822]
Please note this in a ticket comment. It might be related to the 
sequence. In a fresh console on Windows, 6 will work every time.
Andreas
8-Apr-2011
[7823x2]
6 works on Linux and OSX on a fresh console every time as well.
7 crashes both after the third call.
Maxim
8-Apr-2011
[7825]
so its probably heap corruption.
BrianH
8-Apr-2011
[7826]
Updated the description related to the number.
Andreas
8-Apr-2011
[7827x2]
Certainly looks like a memory corruption issue from the outside, 
yes.
Will be much easier to pin down from the inside.
BrianH
8-Apr-2011
[7829x2]
The heap corruption might be the cause of #1207 as well.
Sorry, I meant #1806.
GrahamC
9-Apr-2011
[7831x2]
Where exactly is one supposed to store user specific data for scripts 
eg. userid and passwords
for esmtp etc
Kaj
9-Apr-2011
[7833]
We've talked about it before. It isn't defined yet
GrahamC
9-Apr-2011
[7834]
Is this something we can define then?  Reach a concensus?
Kaj
9-Apr-2011
[7835]
Probably
GrahamC
9-Apr-2011
[7836x2]
Anyone with a suitable suggestion?
I'm suggesting a couple of wrapper functions to return userid and 
password etc so that these can be changed if the store system changes
Kaj
9-Apr-2011
[7838]
That's a good principle
BrianH
9-Apr-2011
[7839x2]
The only consensus we reached was that %user.r would be a good place 
to store preferences, and that it should only store data. Executable 
code would be prohibited in %user.r, and screened for. But we never 
started the discussion of how the preference data would be formatted 
or managed.
The no-executable-code thing is a security issue. R2's treatment 
of %rebol.r and %user.r is a big hole.
GrahamC
9-Apr-2011
[7841x2]
So, do we have a plan .. ??
Andreas is collecting blocks ..
BrianH
9-Apr-2011
[7843x7]
These settings shouldn't go into system/user in R3, they should go 
in system/options/user. The system object will be task-specific, 
but the options are probably going to be global. And system/options/user 
might best be a map!, with categorized options in sub- maps, blocks 
or objects, depending on the situation. Or better yet just sub-maps, 
with the serialized preferences in blocks of name-value pairs so 
they can be parsed, and converted to maps at runtime.
system/options/user: make map! [
    category1 #[map! [
        option1 "value1"
        ...
    ]
    ...
]
Two-level category-options, and then the values could be any type 
you want. Screen thoroughly for evil values.
The %user.r serialization of this data should be human-writeable 
and loaded with LOAD, not DO.
The advantage to serializing directly in SAVE/all form is speed. 
The disadvantages are:

- The preferences file would be uglier to write by hand than block 
form.

- You would have to screen with ASSERT/type in FOREACH instead of 
PARSE.
But the slowness of validating would be offset by the speed of loading 
and saving, so it might be worth it.
Another disadvantage is that loading errors are currently harder 
to recover from with serialized constructors than they are with normal 
literal values like blocks. There's a ticket about this already. 
However, if you are loading the entire preference file in one go 
and just catching the error with TRY, there's no difference in the 
error handling.
Ladislav
10-Apr-2011
[7850x6]
The only consensus we reached was that %user.r would be a good place 
to store preferences, and that it should only store data. Executable 
code would be prohibited in %user.r, and screened for.
 - frankly, that decision never made sense to me.
In my opinion, it is not more secure at all.
...and I am afraid, that it is not hard to prove
...serialized constructors...
 - For me, the terminology is quite unfortunate, because

     "1 2"

is not "more serialized" than

    "#[false] #[true]"


I still do not understand, why it is so important to pretend the 
opposite.
Such an approach just leads to bugs.
Instead of saying 'not "more serialized"', I should have said 'not 
"more or less serialized"'
Reichart
10-Apr-2011
[7856]
Interesting point.  I would suspect the goal is to have the first, 
or top level be "code free", such that it is just settings.

But then, if you "want" you can call upon other files that contain 
code.

As a concept it sounds smart, which is unrelated to the reality that 
it might not be possible.

So, "is it" possible.
BrianH
10-Apr-2011
[7857x3]
Serialized constructors as opposed to serialized values. I used the 
"constructors" term to emhpasize the difference because the important 
distinction in that statement is the additional code that those constructions 
run in the loading process, beyond that in TRANSCODE itself. See 
http://issue.cc/r3/1857for the bug in question.
The security issue is to not have a file that is done automatically 
be writeable using the same permissions that the scripts are run 
under. It's a way to prevent worms.
The real distinction is between serialized constructors: #[map! [a 
1]]

and programmatic constructors that you have to DO: make map! [a 1]
Ladislav
10-Apr-2011
[7860x2]
The security issue is to not have a file that is done automatically 
be writeable using the same permissions that the scripts are run 
under.

- I do not have any problem to agree with that. But, in my opinion, 
this does not require to ban files, that are done automatically. 
Rather, we should make it possible to define special rights for such 
files.
real distinction is between serialized constructors: #[map! [a 1]]...

 - in my opinion, these are not "constructors" for REBOL programmers, 
 since they cannot define them
BrianH
10-Apr-2011
[7862x2]
Not at the OS level. We can only define permissions within REBOL 
itself, not permissions when it isn't running. And REBOL doesn't 
have any facility for user-specific permissions.
Ladislav, REBOL programmers can't define constructors, but they are 
still constructors. We can't define MAKE behavior either (until we 
get user-defined types).
Ladislav
10-Apr-2011
[7864]
as said, for me the formulation: "...a file that is done automatically 
be writeable using the same permissions that the scripts are run 
under..." is substantial, and it can be done, as far as I know.