Very often we will want our application to run Tcl code provided from a trusted or untrusted source. In these cases, it makes sense to run such scripts in environments with limited access to operating system and / or limited resources. In some cases, we can use this to provide an additional security layer. In other cases, it can be used as additional layer for securing ourselves against badly written code.

Typical examples of such cases include running code retrieved over the network. Our application may choose to limit access to an operating system for code written by sources we do not fully trust. An example is a data processing system using multiple computers; commands received from science units might be run in different ...