Make TK_NO_SECURITY Run-Time Switchable
Jeff Hobbs
Donal K. Fellows
$Revision: 1.4 $
This TIP changes the compile-time Tk define TK_NO_SECURITY to be switchable at run time.
The TK_NO_SECURITY compile-time #define is available to disable some security checking when send is used. The direct comments in the Makefile are:
    # To turn off the security checks that disallow incoming sends when
    # the X server appears to be insecure, reverse the comments on the
    # following lines:
    SECURITY_FLAGS		=
    #SECURITY_FLAGS		= -DTK_NO_SECURITY
I propose to make this switch configurable at runtime through a tk securesend option.
Users would be able to debug between Tk applications on Unix using send without having to compile a special version of Tk or manipulate the security settings of their X server to Tk's liking (which can then conflict with other work). It is common for users in internal ("safe") networks to open up access to an X server with xhost +machine.
By allowing security to be disabled, users do possibly open up their system to attack. However, secure is the default setting, and any paranoid users can rename send {} to ensure that it is not used at all.
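To see which X server settings the secure default objects to, here is an added example (not Tk code and not part of this TIP) that classifies xhost output. It assumes the check treats the server as secure only when access control is enabled and no host entries are listed; the function name classify_xhost and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Tk's implementation. Assumption: the X server counts as
# secure only when access control is enabled AND no host entries are listed.

# Reads `xhost` output on stdin and prints a verdict.
# Returns 0 = secure, 1 = insecure, 2 = unrecognised input.
classify_xhost() {
    state=unknown
    hosts=0
    while IFS= read -r line; do
        case "$line" in
            "access control enabled"*)  state=enabled ;;
            "access control disabled"*) state=disabled ;;
            "")                         ;;   # skip blank lines
            *)                          hosts=$((hosts + 1)) ;;
        esac
    done
    case "$state" in
        enabled)
            if [ "$hosts" -eq 0 ]; then
                echo "secure: access control on, no host entries"
                return 0
            fi
            echo "insecure: $hosts host entries listed"
            return 1 ;;
        disabled)
            echo "insecure: access control disabled"
            return 1 ;;
        *)
            echo "unknown: not xhost output"
            return 2 ;;
    esac
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_XAUTH_ONLY='access control enabled, only authorized clients can connect'
SAMPLE_HOST_OPENED='access control enabled, only authorized clients can connect
INET:machine'
SAMPLE_WIDE_OPEN='access control disabled, clients can connect from any host'

# Live use on a workstation: xhost | classify_xhost
```

The SAMPLE_HOST_OPENED case is the xhost +machine situation described above: access control is still on, but the listed host entry is enough for the server to count as insecure under this assumption.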
A full patch for this feature is available at:
The proposal adds one element to the private TkDisplay structure (configuration for secure send is done per display), and creates the Tcl level command:
    tk securesend ?-displayof window? ?boolean?
The proposal leaves the TK_NO_SECURITY flag alone: if it is specified, send is insecure by default; otherwise it is secure.
DKF - It should be possible to control the setting of the compile-time TK_NO_SECURITY flag from the configure script; having to edit the Makefile by hand to adjust it makes it too easy to inadvertently break something by introducing an unfortunate typo. Being able to pass a --disable-security flag would make things much easier from a user's point of view, and will make it less likely that the Tk maintainers will have to deal with bug reports that ultimately stem from a dumb mistake made in a sensitive spot...
This document has been placed in the public domain.