From b37075f5ec3bb37ef448c26ac7be3f1ff4eb15ca Mon Sep 17 00:00:00 2001 From: dkf Date: Wed, 16 Jul 2003 21:34:24 +0000 Subject: Tcl_MakeSafe is a nasty function; document it as such. [Bug 655300] --- ChangeLog | 6 ++++++ doc/CrtSlave.3 | 16 +++++++++++----- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index c680467..72cfca7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2003-07-16 Donal K. Fellows + + * doc/CrtSlave.3 (Tcl_MakeSafe): Updated documentation to strongly + discourage use. IMHO code outside the core that uses this + function is a bug... [Bug 655300] + 2003-07-16 Don Porter * generic/tclFileName.c (Tcl_GlobObjCmd): [Bug 771840] diff --git a/doc/CrtSlave.3 b/doc/CrtSlave.3 index 96765fd..f0945c6 100644 --- a/doc/CrtSlave.3 +++ b/doc/CrtSlave.3 @@ -4,7 +4,7 @@ '\" See the file "license.terms" for information on usage and redistribution '\" of this file, and for a DISCLAIMER OF ALL WARRANTIES. '\" -'\" RCS: @(#) $Id: CrtSlave.3,v 1.8 2002/08/05 03:24:39 dgp Exp $ +'\" RCS: @(#) $Id: CrtSlave.3,v 1.9 2003/07/16 21:34:25 dkf Exp $ '\" .so man.macros .TH Tcl_CreateSlave 3 7.6 Tcl "Tcl Library Procedures" 
@@ -140,10 +140,16 @@ If the creation of the new slave interpreter failed, \fBNULL\fR is returned. with the \fBTCL_SAFE_INTERPRETER\fR flag specified), \fB0\fR otherwise. .PP -\fBTcl_MakeSafe\fR makes \fIinterp\fR ``safe'' by removing all -non-core and core unsafe functionality. Note that if you call this after -adding some extension to an interpreter, all traces of that extension will -be removed from the interpreter. +\fBTcl_MakeSafe\fR marks \fIinterp\fR as ``safe'', so that future +calls to \fBTcl_IsSafe\fR will return 1. It also removes all known +potentially-unsafe core functionality (both commands and variables) +from \fIinterp\fR. However, it cannot know what parts of an extension +or application are safe and does not make any attempt to remove those +parts, so safety is not guaranteed after calling \fBTcl_MakeSafe\fR. +For this reason, this function should not be called by new code and is +likely to be deprecated or removed in a future version of Tcl. Safe +interpreters can be obtained by using \fBTcl_CreateSlave\fR instead, +which creates interpreters in a known-safe state. .PP \fBTcl_GetSlave\fR returns a pointer to a slave interpreter of \fIinterp\fR. The slave interpreter is identified by \fIslaveName\fR. -- cgit v0.12
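Review bot: The ChangeLog entry in the first hunk records only "Updated documentation to strongly discourage use", but the doc/CrtSlave.3 change also reverses a documented fact: the removed text said that "all traces of that extension will be removed", and the new text says Tcl_MakeSafe "does not make any attempt to remove those parts". Suggest the entry state that the description of extension handling was corrected, so that someone who relied on the old wording can find the change from the ChangeLog alone.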
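Review bot: In the doc/CrtSlave.3 hunk at line 140, the closing sentence "Safe interpreters can be obtained by using \fBTcl_CreateSlave\fR instead, which creates interpreters in a known-safe state" reads as though every interpreter returned by Tcl_CreateSlave is safe, and it does not say how the caller requests a safe one. Suggest naming the argument or flag that asks for safety (the context line just above already refers to TCL_SAFE_INTERPRETER), so that a reader replacing a Tcl_MakeSafe call does not end up with an unrestricted slave. Since the new paragraph contradicts the removed warning about extensions, it would also help to say outright that anything an extension or application added before the call is left in place in \fIinterp\fR, because that is the case existing callers most need to re-check.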