[e-lang] simple question
Kevin Reid
kpreid at mac.com
Tue Aug 15 13:10:31 EDT 2006
On Aug 15, 2006, at 12:49, Matej Kosik wrote:
> It is possible to give E scripts capabilities they need in various
> ways.
> This is fine.
>
> What I have wanted to ask for quite a long time is why they have
> access to all the files (I can normally access), such as:
>
> <file:/etc/passwd>.getText()
>
> ?
>
> It seems to me that this goes somehow against the philosophy of your
> project. Doesn't it?

.e programs exist solely to bridge between the capability world and
current OSes.

<file>, or file__uriGetter, is accessible only in the
privilegedScope. When you run an .e program, it is evaluated in the
privilegedScope; if it was not, then it could not do anything
useful.

A well-designed .e program should contain the minimum amount of code
needed to properly distribute capabilities to the rest of the
program, and be simple enough to read to find out what capabilities
it uses.

The rest of the program will be in .emaker files or other safe
loading systems which evaluate code in the 'safeScope'. safeScope
contains only references which do not allow such things as file access.

You can avoid .e by using a launcher such as CapDesk which loads
'caplets' and passes capabilities to the caplets as you specify.
CapDesk itself is started by an .e program, of course.

--
Kevin Reid <http://homepage.mac.com/kpreid/>
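
The launcher/safeScope split described in the message above, modelled in Python as an added example (not code from the original post or from the E project). `load_emaker`, `ReadOnlyFile`, `SAFE_SCOPE` and the component sources are hypothetical names; Python's `exec` is only a model here and is not a confinement boundary the way E's safeScope is.

```python
import os
import tempfile

# Model of safeScope: only names that grant no authority over the outside world.
SAFE_SCOPE = {"len": len, "str": str, "int": int}

def load_emaker(source):
    """Evaluate component source with only SAFE_SCOPE visible; return its maker."""
    env = {"__builtins__": dict(SAFE_SCOPE)}
    exec(source, env)
    return env["make"]

class ReadOnlyFile:
    """Narrow capability: read the text of exactly one file."""
    def __init__(self, path):
        self._path = path
    def getText(self):
        with open(self._path) as f:  # open() resolves in the privileged module
            return f.read()

# Constructed component sources (stand-ins for .emaker files).
LINE_COUNTER = '''
def make(file):
    return lambda: len(file.getText().splitlines())
'''
GREEDY = '''
def make(file):
    return lambda: open("/etc/passwd").read()
'''

def launcher():
    """Model of the .e program: full authority, hands out the minimum."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as f:
        f.write("root:x:0:0\nkevin:x:501:20\n")  # constructed sample data
    try:
        count = load_emaker(LINE_COUNTER)(ReadOnlyFile(path))
        greedy = load_emaker(GREEDY)(ReadOnlyFile(path))
        try:
            greedy()
            reached_ambient = True
        except NameError:  # open is simply not in scope for the component
            reached_ambient = False
        return count(), reached_ambient
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(launcher())
```

The only code that names a file path is `launcher`, so reading that one function shows every capability the program hands out.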