Hi all,
as some of you already might have noticed [1, 2], I am currently working at a more powerful Drag and Drop (DnD) handling at the VM level of Squeak, heavily inspired by Marcel's ideas. While studying the existing source code, I was wondering what is the actual purpose of primitiveDropRequestFileHandle compared to primitiveDropRequestFileName which both are called by StandardFileStream >> #requestDropStream:. I had a very short look at all the different DropPlugin implementations and in a nutshell, dropRequestFileHandle appears to call dropRequestFileName and then sqFileOpen() that path using the FilePlugin. Compared to this, the regular primitiveFileOpen from the FilePlugin which is called by StandardFileStream >> #open:forWrite: leads to fileOpenNamesizewritesecure() which first performs some ominous security checks (basically whether the file path is valid and the file is writable if needed) and then, again, calls sqFileOpen().
So at the end of the day, both primitives appear to call the same logic. So please allow me my naive question: Does anyone remember or imagine any good reason why we have an additional primitive for this purpose? My overall guess (from what I have learned so far about the VM side) would have been that you should be as frugal as possible when it comes to introducing a primitive, because developing, debugging, and exploring VM code is so much less simple and intuitive than Smalltalk code. For this reason, I would not expect to find any redundant "convenience primitives" in the OSVM interface.
I have two hypothetical explanations so far which however both I do not find satisfying:
Tl;dr: What is the reason for the existence of primitiveDropRequestFileHandle and should it still be used? Why not simply nuke it and always use primitiveDropRequestFileName + primitiveFileOpen?
Looking forward to your suggestions!
Best,
Christoph
Carpe Squeak!
|
A file handle can be a capability (*). A file name is a string. The Squeak process may lack the permissions to open a named file, but could still read from an open handle (which maybe was created by the OS using a direct user gesture). That way, a sandboxed app can only access files that were explicitly granted permission by the user, rather than all files on the disk. Secondly, it allows the use of temporary files - the file can be opened (which creates the handle) and deleted (which deletes its directory entry). The contents can still be read from the handle afterwards (at least on unix) Vanessa On Wed, Aug 19, 2020 at 11:26 AM Thiede, Christoph <[hidden email]> wrote:
|
Hi Vanessa,
thanks for the pointer to capability-based security, this makes sense! However in the OSVM source, I could not find any implementation of dropRequestFileHandle() that would not call dropRequestFileName() and sqFileOpen(), so I believe capability-based security is not actually used at the moment. Still, this hook could be relevant when a new platform (for instance, Android?) would be supported by OSVM. So for now, I conclude that one should indeed use both primitives as implemented in the latest Trunk, in order not to comprise this possibility for future implementations.
Best, Christoph Von: Squeak-dev <[hidden email]> im Auftrag von Vanessa Freudenberg <[hidden email]>
Gesendet: Mittwoch, 19. August 2020 23:42:52 An: The general-purpose Squeak developers list Betreff: Re: [squeak-dev] What is primitiveDropRequestFileHandle and do we really need it? A file handle can be a capability (*). A file name is a string. The Squeak process may lack the permissions to open a named file, but could still read from an open handle (which maybe was created by the OS using a direct user gesture). That way, a sandboxed
app can only access files that were explicitly granted permission by the user, rather than all files on the disk.
Secondly, it allows the use of temporary files - the file can be opened (which creates the handle) and deleted (which deletes its directory entry). The contents can still be read from the handle afterwards (at least on unix)
Vanessa
On Wed, Aug 19, 2020 at 11:26 AM Thiede, Christoph <[hidden email]> wrote:
Carpe Squeak!
|
Free forum by Nabble | Edit this page |