Re: Security
- From: tar@xxxxxxxxxxxxx (Thomas A. Russ)
- Date: 31 Jan 2008 11:56:39 -0800
Steve-o <stknig@xxxxxxxxxxxxxx> writes:
> The only
> thing I can think of is to be careful of code-injection type problems
> where evaluating s-expressions from an untrusted source could be
> harmful. But that's pretty obvious.
A little less obvious is that by using #. you can invoke the evaluator
simply by READing an expression. That is why it is wise to bind
*READ-EVAL* to NIL when reading expressions that you can't trust. That
inhibits the evaluation during reading that is normally triggered by the
#. construct.
*PRINT-CIRCLE* should also be used if you are reading structures, or
else you may end up with a circular structure that takes forever to
print. Circular structure can be introduced during reads of
S-expressions, and AFAIK you can't turn that part of the reader off:
#1=(A B . #1#)
--
Thomas A. Russ, USC/Information Sciences Institute
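
The two points in the message above, as an added example that is not part of the original post: reading untrusted text with *READ-EVAL* bound to NIL, and printing what was read with *PRINT-CIRCLE* bound to T. SAFE-READ, SHOW and DEMO are hypothetical helper names, and the input strings are constructed samples.

```lisp
;;; Added example. SAFE-READ, SHOW and DEMO are hypothetical helper names,
;;; and the input strings below are constructed samples.

(defun safe-read (text)
  "Read one form from untrusted TEXT without allowing read-time evaluation.
Returns the form, or NIL plus the condition when the reader rejects the input."
  (handler-case
      ;; WITH-STANDARD-IO-SYNTAX gives a known readtable but binds
      ;; *READ-EVAL* to T, so *READ-EVAL* must be rebound inside it.
      (with-standard-io-syntax
        (let ((*read-eval* nil))
          (values (read-from-string text))))
    (error (c) (values nil c))))

(defun show (form)
  "Print FORM to a string; *PRINT-CIRCLE* keeps circular structure finite."
  (let ((*print-circle* t))
    (prin1-to-string form)))

(defun demo ()
  "Run the constructed samples: a plain list, a #. form, a circular list."
  (dolist (text '("(a b c)"
                  "#.(+ 1 2)"
                  "#1=(a b . #1#)"))
    (multiple-value-bind (form condition) (safe-read text)
      (if condition
          ;; With *READ-EVAL* NIL the reader signals an error on #.
          (format t "~&~S rejected: ~A~%" text (type-of condition))
          ;; LIST-LENGTH returns NIL for a circular list, so it can flag
          ;; circular input before anything tries to walk or print it.
          (format t "~&~S read as ~A~:[~; (circular)~]~%"
                  text (show form)
                  (and (listp form) (null (list-length form))))))))
```

The #n= and #n# labels are still accepted with *READ-EVAL* bound to NIL, which is why the circular sample reads successfully and has to be handled at print time.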