GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  TK::SEND (3)

.ds Aq ’

NAME

Tk::send - Execute a command in a different application

CONTENTS

SYNOPSIS

$result = $widget-><B>sendB>(?options,?app=>cmd?arg arg ...?)

DESCRIPTION

This method arranges for cmd (and args) to be ’sent’ to the application named by app. It returns the result or an error (hence above should probably be ’wrapped’ in <B>eval{}B> and $@ tested). App may be the name of any application whose main window is on the display containing the sender’s main window; it need not be within the same process. If no arg arguments are present, then the string to be sent is contained entirely within the cmd argument. If one or more args are present, they are concatenated separated by white space to form the string to be sent.

If the initial arguments of the call begin with ‘‘-’’ they are treated as options. The following options are currently defined:
<B>-asyncB> Requests asynchronous invocation. In this case the <B>sendB> command will complete immediately without waiting for cmd to complete in the target application; no result will be available and errors in the sent command will be ignored. If the target application is in the same process as the sending application then the <B>-asyncB> option is ignored.
<B>--B> Serves no purpose except to terminate the list of options. This option is needed only if app could contain a leading ‘‘-’’ character.

APPLICATION NAMES

The name of an application is set initially from the name of the program or script that created the application. You can query and change the name of an application with the <B>appnameB> method.

WHAT IS A SEND

The <B>sendB> mechanism was designed to allow Tcl/Tk applications to send Tcl Scripts to each other. This does not map very well onto perl/Tk. Perl/Tk sends a string to app, what happens as a result of this depends on the receiving application. If the other application is a Tcl/Tk4.* application it will be treated as a Tcl Script. If the other application is perl/Tk application (including sends to self) then the string is passed as an argument to a method call of the following form:

$mainwindow-><B>Receive(B>string);

There is a default (AutoLoaded) <B>Tk::ReceiveB> which returns an error to the sending application. A particular application may define its own <B>ReceiveB> method in any class in <B>MainWindowB>’s inheritance tree to do whatever it sees fit. For example it could <B>evalB> the string, possibly in a <B>SafeB> compartment.

If a Tcl/Tk application sends anything to a perl/Tk application then the perl/Tk application would have to attempt to interpret the incoming string as a Tcl Script. Simple cases are should not be too hard to emulate (split on white space and treat first element as command and other elements as arguments).

SECURITY

The <B>sendB> command is potentially a serious security loophole, since any application that can connect to your X server can send scripts to your applications. Hence the default behaviour outlined above. (With the availability of <B>SafeB> it may make sense to relax default behaviour a little.)

Unmonitored <B>evalB>’ing of these incoming scripts can cause perl to read and write files and invoke subprocesses under your name. Host-based access control such as that provided by <B>xhostB> is particularly insecure, since it allows anyone with an account on particular hosts to connect to your server, and if disabled it allows anyone anywhere to connect to your server. In order to provide at least a small amount of security, core Tk checks the access control being used by the server and rejects incoming sends unless (a) <B>xhostB>-style access control is enabled (i.e. only certain hosts can establish connections) and (b) the list of enabled hosts is empty. This means that applications cannot connect to your server unless they use some other form of authorization such as that provide by <B>xauthB>.

SEE ALSO

eval in perlfunc, Safe, system’s administrator/corporate security guidelines etc.

KEYWORDS

application, name, remote execution, security, send
Search for    or go to Top of page |  Section 3 |  Main Index


perl v5.20.3 SEND (3) 2013-11-15

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.