bug#28811: 11.90.2.2017-07-25; preview-at-point

[David Kastrup]

David Kastrup <address@hidden> writes:

> Ken Sharp <address@hidden> writes:
>>
>> And the unsafe context you are storing is what exactly ?
>
> The object you get when executing "safe" before executing .setsafe.

s/"safe"/"save"/ of course.

> Calling restore on it reverts to non-safe mode, so we don't want it
> accessible to the potentially unsafe code executed in -dSAFER mode.
>
> I mean, that's the textbook and documented way of using .runandhide .
> It's not like we invented it.
>
>> Usually these result in crashes but we've also seen denial of service,
>> directory and file traversal/retrieval and some cases where it was
>> possible to execute arbitrary code. Note that these have been true in
>> some instances even when -dSAFER is set.
>
> Calling "safe"

"save" again.  Sorry.

> in unsafe mode will deliver an object useful for returning from
> -dSAFER _if_ code has access to that object.  .runandhide was the
> documented way of hiding the object away from potentially unsafe code.

>> Given the rather acrimonious past history of our discussions, I think
>> it may be better if I hand this to a colleague. I'll speak to someone
>> tomorrow and see if they are willing to take it on.

I am not sure that having to start over explaining will lead to an
improvement of my ability to communicate.

Being better able to tell computers what I am talking about than humans
is not exactly rewarding for me either, but when I am the main person
responsible for affected code, there is not much of a way for me to pass
the bucket.

-- 
David Kastrup