Re: Core Guile bindings

2016-10-14 Thread Arne Babenhauserheide 

Panicz Maciej Godek writes:

> 2016-10-13 20:19 GMT+02:00 Arne Babenhauserheide :
>
>>
>> What would be possible without breaking backwards compatibility is
>> moving them ino a module which is imported by default, with a way to
>> suppress those default imports.
>>
>> I think it is a very nice idea. Guile could install with "configurations",
> and the default configuration would just load the modules to make all
> currently global bindings available, but users could tweak their
> configurations in their ~/.guile files, supressing that default
> configuration. Or they could change it system-wide, provided that there are
> no dependencies in current guile scripts that could break anything.

To some degree this is already the case for interactive mode (so this is
not really my idea, just an application of what’s already there).

We might need an option to suppress loading the default modules, though,
similar to the -Q in emacs (which I use to make it start faster when I
just need basic editing capabilities).

However I think removing things from the existing default behaviour
should never be automatic, otherwise people won’t be able to rely on the
Guile on another system behaving as expected.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Core Guile bindings

2016-10-14 Thread Robin Templeton 
Arne Babenhauserheide  writes:

> Ludovic Courtès writes:
>
>> Hi!
>>
>> "Thompson, David"  skribis:
>>
>>> On Wed, Oct 12, 2016 at 3:18 PM, Panicz Maciej Godek
>>>  wrote:


 2016-10-12 20:21 GMT+02:00 Thompson, David :
>
>
> My understanding is that these symbols have been part of the default
> environment for so long that a lot of code would break if they were
> removed, so they will be staying for the foreseeable future.
>

 On the other hand, the fix would usually be trivial (just one use-modules
 clause), and besides I don't think that Guile has ever had a tradition of
 worrying too much about backwards compatibility.
>>>
>>> The Guile maintainers care very much about backwards compatibility,
>>> from what I've seen over the last few years.
>>
>> I think I asked the same question as Panicz when I started using Guile
>> ca. 2004.  The situation of global bindings hasn’t changed since then,
>> and that’s for compatibility reasons that I very much appreciate as a
>> user.
>
> What would be possible without breaking backwards compatibility is
> moving them ino a module which is imported by default, with a way to
> suppress those default imports.

This is already how it works internally -- the default bindings are
stored in the (guile) module. You can use define-module's #:pure option
to suppress the default import and start with an empty module.

-- 
Inteligenta persono lernas la lingvon Esperanton rapide kaj facile.
Esperanto estas moderna, kultura lingvo por la mondo. Simpla, fleksebla,
belsona, Esperanto estas la praktika solvo de la problemo de universala
interkompreno. Lernu la interlingvon Esperanton!

Re: Guile security vulnerability w/ listening on localhost + port (with fix)

2016-10-14 Thread Lizzie Dixon 
Hi,

On 10/11, Christopher Allan Webber wrote:
> The default in Guile has been to expose a port over localhost to which
> code may be passed.  The assumption for this is that only a local user
> may write to localhost, so it should be safe.  Unfortunately, users
> simultaneously developing Guile and operating modern browsers are
> vulnerable to a combination of an html form protocol attack [1] and a
> DNS rebinding attack [2].  How to combine these attacks is published in
> the article "How to steal any developer's local database" [3].

> 
> In Guile's case, the general idea is that you visit some site which
> presumably loads some javascript code (or tricks the developer into
> pressing a button which performs a POST), and the site operator switches
> the DNS from their own IP to 127.0.0.1.  Then a POST is done from the
> website to 127.0.0.1 with the body containing scheme code.  This code is
> then executed by the Guile interpreter on the listening port.

You don't need to rebind DNS to exploit this bug, or other bugs like
it. I wrote some details here:



Best,

Lizzie.


signature.asc
Description: PGP signature