-rw-r--r--ChangeLog2
-rw-r--r--doc/Tk_Init.352
-rw-r--r--doc/keysyms.n4
-rw-r--r--generic/tkWindow.c6
-rw-r--r--unix/mkLinks4
5 files changed, 58 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 63d4a31..15a63e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
2000-04-27 Eric Melski <ericm@scriptics.com>
+ * doc/Tk_Init.3: Added Tk_SafeInit information [Bug: 1884].
+
* doc/keysyms.n: Man page enumerating keysyms [RFE: 1645].
* doc/colors.n: Man page enumerating valid color names [RFE: 1645].
diff --git a/doc/Tk_Init.3 b/doc/Tk_Init.3
index badcbe4..779a9e6 100644
--- a/doc/Tk_Init.3
+++ b/doc/Tk_Init.3
@@ -4,21 +4,23 @@
'\" See the file "license.terms" for information on usage and redistribution
'\" of this file, and for a DISCLAIMER OF ALL WARRANTIES.
'\"
-'\" RCS: @(#) $Id: Tk_Init.3,v 1.2 1998/09/14 18:22:54 stanton Exp $
+'\" RCS: @(#) $Id: Tk_Init.3,v 1.3 2000/04/28 00:46:04 ericm Exp $
'\"
.so man.macros
-.TH Tk_Init 3 4.1 Tk "Tk Library Procedures"
+.TH Tk_Init 3 8.0 Tk "Tk Library Procedures"
.BS
.SH NAME
-Tk_Init \- add Tk to an interpreter and make a new Tk application.
+Tk_Init, Tk_SafeInit \- add Tk to an interpreter and make a new Tk application.
.SH SYNOPSIS
.nf
\fB#include <tk.h>\fR
.sp
int
\fBTk_Init\fR(\fIinterp\fR)
+.sp
+int
+\fBTk_SafeInit\fR(\fIinterp\fR)
.SH ARGUMENTS
-.AS Tcl_Interp *interp
.AP Tcl_Interp *interp in
Interpreter in which to load Tk. Tk should not already be loaded
in this interpreter.
@@ -42,6 +44,46 @@ new Tk application.
The options may have any of the forms documented for the
\fBwish\fR application (in fact, \fBwish\fR uses Tk_Init to process
its command-line arguments).
+.PP
+\fBTk_SafeInit\fR is identical to \fBTk_Init\fR except that it removes
+all Tk commands that are considered unsafe. Those commands and the
+reasons for their exclusion are:
+.TP
+\fBbell\fR
+Continuous ringing of the bell is a nuisance.
+.TP
+\fBclipboard\fR
+A malicious script could replace the contents of the clipboard with
+the string \fB"rm -r *"\fR and lead to surprises when the contents of
+the clipboard are pasted.
+.TP
+\fBgrab\fR
+Grab can be used to block the user from using any other applications.
+.TP
+\fBmenu\fR
+Menus can be used to cover the entire screen and to steal input from
+the user.
+.TP
+\fBselection\fR
+See clipboard.
+.TP
+\fBsend\fR
+Send can be used to cause unsafe interpreters to execute commands.
+.TP
+\fBtk\fR
+The tk command recreates the send command, which is unsafe.
+.TP
+\fBtkwait\fR
+Tkwait can block the containing process forever
+.TP
+\fBtoplevel\fR
+Toplevels can be used to cover the entire screen and to steal input
+from the user.
+.TP
+\fBwm\fR
+If toplevels are ever allowed, wm can be used to remove decorations,
+move windows around, etc.
+.CE
.SH KEYWORDS
-application, initialization, load, main window
+safe, application, initialization, load, main window
diff --git a/doc/keysyms.n b/doc/keysyms.n
index 4dffbce..7c8cfe2 100644
--- a/doc/keysyms.n
+++ b/doc/keysyms.n
@@ -2,7 +2,7 @@
'\" Copyright (c) 1998-2000 by Scriptics Corporation.
'\" All rights reserved.
'\"
-'\" RCS: @(#) $Id: keysyms.n,v 1.1 2000/04/27 18:28:57 ericm Exp $
+'\" RCS: @(#) $Id: keysyms.n,v 1.2 2000/04/28 00:46:04 ericm Exp $
'\"
'\"
.so man.macros
@@ -914,7 +914,7 @@ Hyper_R 65518 0xffee
Delete 65535 0xffff
.CE
-.SH SEE ALSO
+.SH "SEE ALSO"
bind
.SH KEYWORDS
diff --git a/generic/tkWindow.c b/generic/tkWindow.c
index f486234..7fa867f 100644
--- a/generic/tkWindow.c
+++ b/generic/tkWindow.c
@@ -12,7 +12,7 @@
* See the file "license.terms" for information on usage and redistribution
* of this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
- * RCS: @(#) $Id: tkWindow.c,v 1.16 2000/03/24 23:13:18 ericm Exp $
+ * RCS: @(#) $Id: tkWindow.c,v 1.17 2000/04/28 00:46:04 ericm Exp $
*/
#include "tkPort.h"
@@ -2665,8 +2665,8 @@ Tk_SafeInit(interp)
* - Continuous ringing of the bell is a nuisance.
* - Cannot allow access to the clipboard because a malicious script
* can replace the contents with the string "rm -r *" and lead to
- * surprises when the contents of the clipboard are pasted. We do
- * not currently hide the selection command.. Should we?
+ * surprises when the contents of the clipboard are pasted. Similarly,
+ * the selection command is blocked.
* - Cannot allow send because it can be used to cause unsafe
* interpreters to execute commands. The tk command recreates the
* send command, so that too must be hidden.
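Review bot: The rewritten comment in Tk_SafeInit now asserts that the selection command is blocked, but the tkWindow.c changes on this page touch only comment text and the RCS id, so nothing visible here confirms that the code restricts `selection` in a safe interpreter. The old wording said it was not hidden, and the new Tk_Init.3 text repeats the claim to readers who will treat it as a security guarantee, so it should be checked against the list of commands Tk_SafeInit actually restricts before the documentation ships. The same comment uses "hidden" for send and tk, so I would keep one term, e.g. `Similarly, the selection command is hidden.`, if that is what the code does. The comment block and the function body both extend outside this hunk.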
diff --git a/unix/mkLinks b/unix/mkLinks
index 5cf73bc..410a6e2 100644
--- a/unix/mkLinks
+++ b/unix/mkLinks
@@ -620,6 +620,10 @@ if test -r TkInitStubs.3; then
rm -f Tk_InitStubs.3
ln TkInitStubs.3 Tk_InitStubs.3
fi
+if test -r Tk_Init.3; then
+ rm -f Tk_SafeInit.3
+ ln Tk_Init.3 Tk_SafeInit.3
+fi
if test -r WindowId.3; then
rm -f Tk_WindowId.3
rm -f Tk_Parent.3