* libguile/deprecated.c (make_bignum): Move here from numbers.c, to
support scm_i_long2big etc.
(scm_i_big2dbl):
(scm_i_long2big):
(scm_i_ulong2big):
(scm_i_clonebig):
(scm_i_normbig): Deprecate.
(scm_install_gmp_memory_functions): Deprecate, happily! SCM bignums now
have digits allocated inline with the bignum itself, so they are
completely transparent to the GC already. The price is that if GMP ever
allocates digits via the MPZ API, those digits then have to be copied
back into managed memory. But we avoid having to install finalizers and
we avoid having to muck with GMP's allocator.
* libguile/numbers.c (scm_from_mpz): Use scm_integer_from_mpz.
(scm_init_numbers): Never muck with GMP's allocators.
* doc/ref/guile-invoke.texi (Environment Variables): Remove note about
GUILE_INSTALL_GMP_MEMORY_FUNCTIONS.
* meta/build-env.in: No need to set GUILE_INSTALL_GMP_MEMORY_FUNCTIONS.
* doc/ref/guile-invoke.texi (Environment Variables): Remove
GUILE_STACK_SIZE which is no longer needed, and document some JIT
debugging environment variables.
* doc/ref/vm.texi (Why a VM?, Just-In-Time Native Code): Update and link
to environment variables documentation.
* doc/ref/guile-invoke.texi, doc/ref/scheme-scripts.texi:
describe the -e (module) shorthand as on equal footing with (@ ...)
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Reported by Christopher Allan Webber <cwebber@dustycloud.org>
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
This commit adds protection to Guile's REPL servers against HTTP
inter-protocol exploitation attacks, a scenario whereby an attacker can,
via an HTML page, cause a web browser to send data to TCP servers
listening on a loopback interface or private network. See
<https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
<https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
Attack (2001) by Jochen Topf <jochen@remote.org>.
Here we add a procedure to 'before-read-hook' that looks for a possible
HTTP request-line in the first line of input from the client socket. If
present, the socket is drained and closed, and a loud warning is written
to stderr (POSIX file descriptor 2).
* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
to 'before-read-hook' when this module is loaded.
(with-temporary-port-encoding, with-saved-port-line+column)
(drain-input-and-close, permissive-http-request-line?)
(check-for-http-request, guard-against-http-request)
(maybe-check-for-http-request): New procedures.
(serve-client): Use 'guard-against-http-request'.
* module/system/repl/coop-server.scm (start-repl-client): Use
'guard-against-http-request'.
* doc/ref/guile-invoke.texi (Command-line Options): In the description
of the --listen option, make the security warning more prominent.
Mention the new protection added here. Recommend using UNIX domain
sockets for REPL servers. "a path to" => "the file name of".
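The guard described in the commit message above, re-implemented here in Python as an added illustration. This is not Guile's own code (the real implementation is Scheme in module/system/repl/server.scm); the function names mirror the procedures listed in the message but their signatures, the regular expression, the warning text, the 64 KiB drain limit and the sample payloads are all assumptions of this example. The idea is the one the message states: read only the first line a client sends; if it has the shape of an HTTP request-line, the peer is almost certainly a browser coerced by a hostile page, so drain what it already sent, close the socket and warn on stderr instead of handing the body to the evaluator.

```python
import io
import re
import sys

# A permissive HTTP request-line: METHOD SP TARGET SP HTTP/x.y, optional CR.
# Kept loose on purpose: rejecting an odd-looking HTTP line costs nothing,
# while letting a browser-originated request reach eval is fatal.
_REQUEST_LINE = re.compile(rb"^[A-Z]{3,20} \S+ HTTP/\d\.\d\r?$")


def permissive_http_request_line(line: bytes) -> bool:
    """True if LINE (one line, as returned by readline) looks like an HTTP request-line."""
    return _REQUEST_LINE.match(line.rstrip(b"\n")) is not None


def drain_input_and_close(stream, limit=64 * 1024) -> int:
    """Discard up to LIMIT bytes the client already sent, then close the stream.

    The bound matters on a real socket: a browser on a keep-alive connection
    never sends EOF, so an unbounded read would hang the REPL thread. Pair it
    with a socket timeout in production.
    """
    discarded = 0
    while discarded < limit:
        chunk = stream.read(min(4096, limit - discarded))
        if not chunk:
            break
        discarded += len(chunk)
    stream.close()
    return discarded


def guard_against_http_request(stream, err=sys.stderr):
    """Return the client's first line, or None after rejecting an HTTP request."""
    first = stream.readline()
    if permissive_http_request_line(first):
        drained = drain_input_and_close(stream)
        err.write("WARNING: rejected HTTP request on REPL socket "
                  "(possible inter-protocol exploitation): %r; "
                  "discarded %d further bytes\n" % (first.rstrip(b"\r\n"), drained))
        return None
    return first


def serve_client(stream, evaluate, err=sys.stderr):
    """Per-client loop: run the guard first, then feed each line to EVALUATE.

    Returns the list of evaluation results; an HTTP client yields [] because
    nothing it sent is ever evaluated.
    """
    line = guard_against_http_request(stream, err)
    if line is None:
        return []
    results = []
    while line:
        results.append(evaluate(line))
        line = stream.readline()
    return results


# Constructed sample (assumption): what a browser emits when an attacker's page
# submits <form action="http://127.0.0.1:37146/" method="POST"> whose sole
# field is a Scheme expression. Without the guard, a REPL reading this socket
# would skip the header lines as junk and eventually evaluate the body.
_BODY = b'(system "id > /tmp/owned")'
BROWSER_POST = (b"POST / HTTP/1.1\r\nHost: 127.0.0.1:37146\r\n"
                b"Content-Type: text/plain\r\nContent-Length: %d\r\n\r\n" % len(_BODY)
                + _BODY)

# Constructed sample: a legitimate REPL client sending two expressions.
REPL_INPUT = b'(+ 1 2)\n(string-append "a" "b")\n'


if __name__ == "__main__":
    print(serve_client(io.BytesIO(BROWSER_POST), lambda l: l.strip()))
    print(serve_client(io.BytesIO(REPL_INPUT), lambda l: l.strip()))
```

Checking only the first line keeps the cost to one regular-expression match per connection, and it is the right place to look: HTTP mandates that the request-line come first, so a browser cannot hide it behind a legitimate-looking expression. It is still a heuristic, which is why the manual's advice from the same change stands: serve the REPL on a UNIX domain socket, which no browser can connect to at all.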
* libguile/vm.c (initialize_default_stack_size): New helper.
(scm_bootstrap_vm): Call initialize_default_stack_size.
* doc/ref/guile-invoke.texi (Environment Variables): Add docs.
Based on a patch by Stefan Israelsson Tampe.
* libguile/load.c (scm_ellipsis): New Variable.
(scm_parse_path_with_ellipsis): New procedure.
(scm_init_load): Initialize 'scm_ellipsis'.
(scm_init_load_path): Use 'scm_parse_path_with_ellipsis' to
handle GUILE_LOAD_PATH and GUILE_LOAD_COMPILED_PATH.
* libguile/load.h (scm_parse_path_with_ellipsis): Add prototype.
* doc/ref/guile-invoke.texi (Environment Variables):
doc/ref/api-evaluation.texi (Load Paths): Add documentation.
Correct description of default load path to reflect reality.
Remove 'GUILE_LOAD_PATH' from the concept index; it is already
in the variable index. Add cross references between these two
sections of the manual.
* module/ice-9/command-line.scm (*usage*): Attempt to suggest that
`--no-debug' doesn't inhibit debugging support.
* doc/ref/guile-invoke.texi (Command-line Options): Make it clear that
`--no-debug' doesn't inhibit debugging support. Reported by Manuel
Serrano.
* doc/ref/guile.texi (Programming in Scheme):
* doc/ref/scheme-scripts.texi (Guile Scripting): Moved "Invoking Guile"
to its own file.
* doc/ref/guile-invoke.texi (Invoking Guile): Initial revision. This
file contains the former section "Invoking Guile" that was included in
the chapter "Programming in Scheme" as a subsection named
"Command-line Options." It also includes a new subsection "Environment
Variables," which describes those variables that can be set in the
operating system before Guile is started and which affect Guile's
run-time behavior.