Re: Scotty mem usage growing

Juergen Schoenwaelder (schoenw@gaertner.de)
Wed, 30 Jul 1997 15:30:32 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Carmean: "Active Monitor icon"
Previous message: Sveinar Rasmussen: "Re: Scotty mem usage growing"
Maybe in reply to: Sveinar Rasmussen: "Scotty mem usage growing"

Sveinar Rasmussen <sveinarr@stud.cs.uit.no> said:

Sveinar> The solution was: Removing the "-agent $interp" where
Sveinar> $interp contains the safe tcl/scotty commands allowed
Sveinar> to be executed. I replaced this with "-agent {}" and
Sveinar> things worked right away. Thanks to Buz's little
Sveinar> example!

I did not realize that your problem was indeed caused by the secure
interpreter. Yeah, security is difficult thing.

Sveinar> Hm... Guess I really should have used "safe
Sveinar> tcl/scotty" commands as done in the scotty agent
Sveinar> example (distribution). Is it bad to skip this safety
Sveinar> stuff? If so, what's the deal with the aliasing? I
Sveinar> have a proc that updates the mib (setMIB), should I
Sveinar> add a "setMIB alias" ? or should I add every Tcl
Sveinar> command in the alias list?

It is fine to use an unsafe interpreter as long as you can guarantee
that a value written via SNMP is never evaluated. If it gets evaluates
in one of your bindings, you very like create a security hole.

The way the safe interpreter works is a bit confusing. Jacob Levi has
changed the safe Tcl mechanism in newer versions which hopefully makes
it easier to work with safe interpreters. The main difference is that
the version used by scotty requires that you alias every command
exported by a trusted interpreter in the safe interpreter. This means
that some operations are actually performed in the trusted interpreter
although they should change the state in the safe interpreter. This
leads to confusing code. The new safe Tcl version solves this problem
by allowin a trusted interpreter to invoke a so called hidden command
in the safe interpreter which makes the state change happening in the
safe interpreter directly. This is the short explanation. I am not
sure if you really want to know all the details. ;-)

I am going to change the support for safe interpreter in SNMP agents
to reflect the new safe Tcl mechanism.
Juergen

-- Juergen Schoenwaelder <schoenw@gaertner.de> (Tel: +49-531-23873-0) Gaertner Datensysteme, Hamburger Strasse 273a, 38114 Braunschweig, Germany

--
!! This message is brought to you via the `tkined & scotty' mailing list.
!! Please do not reply to this message to unsubscribe. To subscribe or
!! unsubscribe, send a mail message to <tkined-request@ibr.cs.tu-bs.de>.
!! See http://wwwsnmp.cs.utwente.nl/~schoenw/scotty/ for more information.

Next message: David Carmean: "Active Monitor icon"
Previous message: Sveinar Rasmussen: "Re: Scotty mem usage growing"
Maybe in reply to: Sveinar Rasmussen: "Scotty mem usage growing"