Er, well, sort of. Obviously it's not difficult to hide nasty stuff
in the second page of the script. I'm somewhat leery of counting on
the user to be smart enough to judge the safeness of an arbitrary
program on the fly; Stephen Crocker's observations seem on target.
Vinay said:
>Done ! I did this a while ago. Take a look at:
>
> http://www.eit.com/software/vsafecsh/vsafecsh.html
>
>Only SunOS, IRIX5.1+, and OSFV2.0 versions available for now.
And naturally people who are security-conscious will want to hurry and
download the binaries for which source is not made available and check
them out. :-) Do you have any example programs for it (non-trivial
ones, I mean)?
The C shell hardly seems a suitable language for evaluation of
untrusted code. What's wrong with Safe-Tcl?
- Marc
-- <A HREF="http://www.cs.indiana.edu/hyplan/mvanheyn.html">Marc VanHeyningen</A>