[RFC] removing library NCI signatures from core
plobsing at gmail.com
Wed Feb 17 19:02:11 UTC 2010
On Wed, Feb 17, 2010 at 11:29 AM, NotFound <julian.notfound at gmail.com> wrote:
>> As a middle-ground first step, how about we break the non-necessary NCI
>> signatures into a dynlib in the repo. That way we still have them in
>> the repo if needed in the interim, we have a way to run tests on the
>> mechanism locally, and we prepare for the larger refactors that Peter
>> is suggesting.
> I like that idea. Even better, make it pluggable and selectable at
> runtime. This way will also allow one to easily control or disable its
> usage in security arenas.
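
Runtime filtering of available signatures should already be doable:

    # warning: untested
    .include 'iglobals.pasm'         # defines .IGLOBALS_NCI_FUNCS

    .sub 'remove_nci_signature'      # sub name is illustrative only
        .param string signature
        $P0 = getinterp
        $P1 = $P0[ .IGLOBALS_NCI_FUNCS ]
        delete $P1[ signature ]
    .end
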
Of course, filtering based on signature seems a little coarse to me.
The only really secure solution I can see is to load all permissible
NCI funcs and then completely disallow NCI. But I am not a security