Gustaf Neumann wrote:
Since xotcl uses ordinary Tcl interps, I would assume it inherits the safety of safe Tcl interps. Since xotcl does not do any socket handling, file I/O, execs, etc., I would think this is a good start. If you see commands that we should deactivate in safe interps, please let me know.
You have to be careful with anything you add at the C level for safe interps. Whatever you create in Tcl in safe interps is by definition safe (if you aren't aliasing into the master), because of the model. However, in C you can expose anything. While you might not directly expose exec, IO, etc., you have to consider how you might indirectly expose that functionality and how a user might exploit that. I'm not saying that xotcl does, but you should just consider the implications of each C-based command individually. You also have the Tcl_IsSafeInterp C API for variant behavior in safe interps.
Jeff Hobbs, The Tcl Guy http://www.ActiveState.com/, a division of Sophos
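
The model described in the reply, as an added Tcl example that is not part of the original thread or of xotcl: a command that runs in the master and is aliased into a safe interp indirectly exposes something the safe interp lacks (here the `env` array), and it varies its behaviour for safe callers, which is the script-level counterpart of the C-level check the reply mentions. `host_getenv`, `safeEnvNames` and the `DEMO_*` variables are hypothetical names with constructed values.

```tcl
# Added example; all names and values below are constructed for the demo.
set ::env(DEMO_PUBLIC) "en_US"
set ::env(DEMO_SECRET) "db-password"
set ::safeEnvNames {DEMO_PUBLIC}   ;# allowlist applied to safe callers only

# Runs in the master with full privileges. The alias prepends the calling
# interp's name, so the child cannot forge it and the command can refuse
# requests that would leak data into a safe interp.
proc host_getenv {caller name} {
    if {[interp issafe $caller] && $name ni $::safeEnvNames} {
        return -code error "getenv $name: not permitted in a safe interp"
    }
    if {[info exists ::env($name)]} { return $::env($name) }
    return ""
}

set safe    [interp create -safe]
set trusted [interp create]
foreach i [list $safe $trusted] {
    interp alias $i getenv {} host_getenv $i
}

# What the safe interp starts with: dangerous commands are hidden and the
# env array does not exist, so code written in Tcl inside it cannot reach them.
puts "hidden in safe interp: [lsort [interp hidden $safe]]"
puts "env visible in safe interp: [interp eval $safe {info exists env}]"

# The alias is the only path to the environment; compare both callers.
foreach i [list $safe $trusted] {
    set kind [expr {[interp issafe $i] ? "safe" : "trusted"}]
    foreach name {DEMO_PUBLIC DEMO_SECRET} {
        catch {interp eval $i [list getenv $name]} result
        puts [format "%-8s %-12s -> %s" $kind $name $result]
    }
}

interp delete $safe
interp delete $trusted
```

Without the `interp issafe` check, the safe interp would read `DEMO_SECRET` through the alias even though it has no `env` array of its own.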