shellspy_module_punk::island(0) 0.1.0 doc "punk::island for safe interps"

Name

shellspy_module_punk::island - filesystem islands for safe interps

Synopsis

Description

Package to allow a safe interpreter to access islands of the filesystem only, i.e. restricted directory trees within the filesystem. The package brings back file, open and glob to the child interpreter, though in a restricted manner.

JN Warning:

This mechanism can have interactions with package loading from auto_path - needs review.

Overview

overview of punk::island

dependencies

packages used by punk::island

  • Tcl 8.6

API

Namespace punk::island::interps

hosts information for interpreters

Namespace punk::island

Core API functions for punk::island

add child path

Add a path to the list of paths that are explicitly allowed for access to a child interpreter. Access to any path that has not been explicitly allowed will be denied. Paths that are added to the list of allowed islands are always fully normalized.

Arguments:

string child

Identifier of the child interpreter to control

reset child

Remove all path access allowances and arrange for the interpreter to be able to return to the regular safe state.

Arguments:

string child

Identifier of the child interpreter

Namespace punk::island::lib

Secondary functions that are part of the API

Internal

Namespace punk::island::system

Internal functions that are not part of the API

Allowed child fname

Check that the file name passed as an argument is within the islands of

the filesystem that have been registered through the add command for a

given (safe) interpreter. The path is fully normalized before testing

against the islands, which themselves are fully normalized.

Arguments:

string child

Identifier of the child interpreter

string fname

(relative) path to the file to test

File child cmd args

Parses the options and arguments to the file command to discover which paths it tries to access, and only returns the results of its execution when these paths are within the allowed islands of the filesystem.

Arguments:

string child

Identifier of the child interpreter

string cmd

Subcommand of the file command

string args

Arguments to the file subcommand

Open child args

Parses the options and arguments to the open command to discover which paths it tries to access, and only returns the results of its execution when these paths are within the allowed islands of the filesystem.

Arguments:

string child

Identifier of the child interpreter

string args

Arguments to the open command
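As an added example (not the package's own code), the following Tcl sketch shows the kind of check described for Allowed and the restricted open built on it: islands are stored fully normalized, every requested path is normalized before comparison, and a path that traverses out of the island is refused. The namespace island_demo, the procs add/allowed/safeopen and the directory island_demo_dir are assumptions of this example; the island is created under the current working directory.

```tcl
# Constructed demo namespace, not the punk::island code itself.
namespace eval island_demo {
    variable islands [dict create]   ;# child interp -> list of normalized roots
    proc add {child path} {
        variable islands
        # Store islands fully normalized so comparisons are like-for-like.
        dict lappend islands $child [file normalize $path]
    }
    # True if fname resolves inside one of child's islands. A relative fname is
    # resolved against the parent's [pwd]; ".." and symlinked directory components
    # are collapsed by [file normalize] before comparing, so they cannot escape.
    proc allowed {child fname} {
        variable islands
        if {![dict exists $islands $child]} { return 0 }   ;# nothing allowed by default
        set target [file split [file normalize $fname]]
        foreach root [dict get $islands $child] {
            set rl [file split $root]
            # Compare whole components so /data/pub does not match /data/public.
            if {[llength $target] >= [llength $rl] &&
                [lrange $target 0 [expr {[llength $rl] - 1}]] eq $rl} {
                return 1
            }
        }
        return 0
    }
    # Stand-in for the hidden "open": check the path, then hand the channel
    # to the safe interp with [interp transfer].
    proc safeopen {child args} {
        if {![allowed $child [lindex $args 0]]} {
            return -code error "permission denied: [lindex $args 0] is outside the islands of $child"
        }
        set chan [open {*}$args]
        interp transfer {} $chan $child
        return $chan
    }
}
# Constructed demo: one island directory holding one file.
set root [file normalize [file join [pwd] island_demo_dir]]
file mkdir $root
set fh [open [file join $root hello.txt] w]; puts $fh "inside the island"; close $fh
set child [interp create -safe]
island_demo::add $child $root
interp alias $child open {} island_demo::safeopen $child
interp eval $child [list set p [file join $root hello.txt]]
puts [interp eval $child {set c [open $p r]; set d [read $c]; close $c; set d}]
# Traversal out of the island normalizes to a path outside every root and is denied.
interp eval $child [list set p [file join $root .. hello.txt]]
catch {interp eval $child {open $p r}} msg
puts $msg
```

The first read succeeds because the normalized target shares every component of the island root; the second is refused because `..` has been collapsed before the comparison, so prefix checks on the raw string would not have protected here.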

Expose child cmd args

This procedure allows calling back a command that would typically have been hidden from a child interpreter. It does not "interp expose" the command but rather invokes the hidden command, so the change can easily be reverted.

Arguments:

string child

Identifier of the child interpreter

string cmd

Hidden command to call

string args

Arguments to the command

Glob child args

Parses the options and arguments to the glob command to discover which paths it tries to access, and only returns the results of its execution when these paths are within the allowed islands of the filesystem.

Arguments:

string child

Identifier of the child interpreter

string args

Arguments to the glob command

Init child

Initialise child interpreter so that it will be able to perform some

file operations, but only within some islands of the filesystem.

Arguments:

string child

Identifier of the child interpreter

Keywords

filesystem, interp, module