[e-lang] Unsafe code in capability languages
Mark S. Miller
markm at cs.jhu.edu
Thu Aug 31 10:47:02 CDT 2006
David Hopwood wrote:
> rune *almost* has the needed functionality already, with its --confine and
> -src arguments.
Not quite. Quoting the relevant parts of the "rune --help" output:
# 1) From an external shell, using the bash driver script "rune":
# $ rune <s-opt>* --? (<fname> <arg>*)?
"--confine" is a form of <s-opt>
# <fname> ::= [...]
# | <fbase>.<ext> Normally interpreted as a filename.
# <fbase> is any string not starting with
# "-", or anything if the previous
# argument was a "--".
# <ext> (the text after the last ".") is
# mangled to name the launcher.
# | --<specialOp> Use "$ rune --help --<specialOp>" for
# help on using that specialOp.
# <specialOp> ::= "help" | "version" | "src"
# $ rune --help --src
# Help on "--src":
#
# $ rune --src.<ext> <src> <arg>* Interprets <src> as if from a file
# ending in ".<ext>".
# $ rune --src <src> <arg>* Equivalent to "--src.e <src> <arg>*".
#
# For example, in a bash shell:
#
# $ rune --src 'println(interp.getArgs())' foo bar
# ["foo", "bar"]
#
# $ rune --src 'println(help)' For E command line help.
So in your command line below:

> $ rune --confine helloWorld.e --src "powerBox(<unsafe>)"

helloWorld.e is the <fname> and it's passed the literal string args "--src"
and "powerBox(<unsafe>)". Everything after the <fname> is uninterpreted.
Arguments are only interpreted as options if they come before the <fname>.

I like what you're trying to do, and we should indeed find some way to
accommodate it from rune. But "--src" doesn't seem like the right way.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
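
The parsing rule described in the message above, as an added example (not rune's own code and not part of the original post): a Python model of the `<s-opt>* --? (<fname> <arg>*)?` grammar from the quoted help text, showing why "--src" placed after helloWorld.e stays a plain string argument. The name parse_rune_argv and the returned dict layout are hypothetical; it assumes every <s-opt> is a single token and models only the <fname> forms shown in the help output, not the elided "[...]" alternatives.

```python
# Added illustration of the grammar quoted from "rune --help".
# Not rune's implementation; names and result layout are hypothetical.
SPECIAL_OPS = {"help", "version", "src"}


def parse_rune_argv(argv):
    """Split argv into leading s-opts, the launch target, and uninterpreted args."""
    s_opts, target, i = [], None, 0
    while i < len(argv) and target is None:
        tok = argv[i]
        i += 1
        op, _, ext = tok[2:].partition(".")
        if tok == "--":
            # After "--" the next token is the <fname>, whatever it looks like.
            if i < len(argv):
                target = {"kind": "file", "name": argv[i]}
                i += 1
            break
        if tok.startswith("--") and (tok[2:] in SPECIAL_OPS or op == "src"):
            target = {"kind": op}
            if op == "src":
                # "--src" is "--src.e"; the following token is the source text.
                if i >= len(argv):
                    raise ValueError("--src requires a <src> argument")
                target["ext"] = ext or "e"
                target["src"] = argv[i]
                i += 1
        elif tok.startswith("-"):
            # Assumption: each <s-opt> is one token with no separate value.
            s_opts.append(tok)
        else:
            target = {"kind": "file", "name": tok}
    # Everything after the target is passed through as literal strings.
    return {"s_opts": s_opts, "target": target, "args": argv[i:]}


if __name__ == "__main__":
    # The command line from the quoted message.
    print(parse_rune_argv(
        ["--confine", "helloWorld.e", "--src", "powerBox(<unsafe>)"]))
    # The example from "rune --help --src".
    print(parse_rune_argv(["--src", "println(interp.getArgs())", "foo", "bar"]))
```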