diff options
author | dkf <donal.k.fellows@manchester.ac.uk> | 2003-07-16 21:34:24 (GMT) |
---|---|---|
committer | dkf <donal.k.fellows@manchester.ac.uk> | 2003-07-16 21:34:24 (GMT) |
commit | b37075f5ec3bb37ef448c26ac7be3f1ff4eb15ca (patch) | |
tree | dedf4db8228d031004a8e7e4cb7d38bf43fc1962 | |
parent | de6aa74101b91995aba9134c5093a6899d4da019 (diff) | |
download | tcl-b37075f5ec3bb37ef448c26ac7be3f1ff4eb15ca.zip tcl-b37075f5ec3bb37ef448c26ac7be3f1ff4eb15ca.tar.gz tcl-b37075f5ec3bb37ef448c26ac7be3f1ff4eb15ca.tar.bz2 |
Tcl_MakeSafe is a nasty function; document it as such. [Bug 655300]
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | doc/CrtSlave.3 | 16 |
2 files changed, 17 insertions, 5 deletions
@@ -1,3 +1,9 @@ +2003-07-16 Donal K. Fellows <fellowsd@cs.man.ac.uk> + + * doc/CrtSlave.3 (Tcl_MakeSafe): Updated documentation to strongly + discourage use. IMHO code outside the core that uses this + function is a bug... [Bug 655300] + 2003-07-16 Don Porter <dgp@users.sourceforge.net> * generic/tclFileName.c (Tcl_GlobObjCmd): [Bug 771840] diff --git a/doc/CrtSlave.3 b/doc/CrtSlave.3 index 96765fd..f0945c6 100644 --- a/doc/CrtSlave.3 +++ b/doc/CrtSlave.3 @@ -4,7 +4,7 @@ '\" See the file "license.terms" for information on usage and redistribution '\" of this file, and for a DISCLAIMER OF ALL WARRANTIES. '\" -'\" RCS: @(#) $Id: CrtSlave.3,v 1.8 2002/08/05 03:24:39 dgp Exp $ +'\" RCS: @(#) $Id: CrtSlave.3,v 1.9 2003/07/16 21:34:25 dkf Exp $ '\" .so man.macros .TH Tcl_CreateSlave 3 7.6 Tcl "Tcl Library Procedures" @@ -140,10 +140,16 @@ If the creation of the new slave interpreter failed, \fBNULL\fR is returned. with the \fBTCL_SAFE_INTERPRETER\fR flag specified), \fB0\fR otherwise. .PP -\fBTcl_MakeSafe\fR makes \fIinterp\fR ``safe'' by removing all -non-core and core unsafe functionality. Note that if you call this after -adding some extension to an interpreter, all traces of that extension will -be removed from the interpreter. +\fBTcl_MakeSafe\fR marks \fIinterp\fR as ``safe'', so that future +calls to \fBTcl_IsSafe\fR will return 1. It also removes all known +potentially-unsafe core functionality (both commands and variables) +from \fIinterp\fR. However, it cannot know what parts of an extension +or application are safe and does not make any attempt to remove those +parts, so safety is not guaranteed after calling \fBTcl_MakeSafe\fR. +For this reason, this function should not be called by new code and is +likely to be deprecated or removed in a future version of Tcl. Safe +interpreters can be obtained by using \fBTcl_CreateSlave\fR instead, +which creates interpreters in a known-safe state. .PP \fBTcl_GetSlave\fR returns a pointer to a slave interpreter of \fIinterp\fR. The slave interpreter is identified by \fIslaveName\fR. |