The section FEATURES describes exactly what is restored. The section CONFIGURATION explains how access to the feature can be managed by settings in the configuration for the controlling policy, and by settings in the application's master configuration. The section SECURITY discusses the security risks incurred by installing this feature and how to manage these risks by proper configuration.
Hidden commands are exposed and aliases by the same name are removed, if allowed by the controlling security policy. Hidden commands are explained in the interp manual page.
The global variables whose name appears in the value of ::cfg::RestoreVariables are copied from the master interpreter into the Safe-Tcl interpreter, if allowed by the controlling policy. By default, the variables auto_path, tcl_library, tk_library, tcl_pkgPath, argc, argv and argv0 are copied.
The global arrays whose name appears in the value of ::cfg::RestoreArrayVariables are copied from the master interpreter into the Safe-Tcl interpreter, if allowed by the controlling policy. By default, the arrays env, auto_index and tcl_platform are copied.
The Tcl command auto_reset is evaluated in the Safe-Tcl interpreter, to force it to notice the new values for auto_path and other variables. This command is explained in the library manual page that comes with the Tcl 8.0 distribution.
The variables ::cfg::RestoreVariables and ::cfg::RestoreArrayVariables determine which global variables are copied from the master interpreter into a Tclet's interpreter when the unsafe feature is installed. These variables can be set in the application's master configuration, or you can rely on the default lists used if they are not set, as explained above. For the Tcl plugin, the variables are left unset, and the plugin relies on the defaults.
The restoreCommands section controls which hidden commands are re-exposed. If the name of a hidden command is allowed in this section, it is re-exposed when this feature is installed into a Safe-Tcl interpreter.
The restoreVariables section controls which global variables are copied from the master interpreter into a Tclet. If the name of a global variable is allowed in this section, it is copied.
The restoreArrayVariables section controls which global array variables are copied from the master interpreter into a Tclet. If the name is allowed by this section, the array is copied when the feature is installed into a Safe-Tcl interpreter.
The markTrusted section defines the markTrusted constant. If this is set to 1, when the feature is installed, the Tclet interpreter will be marked as trusted. This disables hard-wired safety checks in Tcl 8.0 and Tk 8.0 which would otherwise prevent the Tclet from using some features.
This feature is allowed only by the trusted security policy, and in the Tcl plugin, that security policy is disallowed by settings in the policies section in the plugin's master configuration.