guile-user

Re: Refactoring dynamic roots


From: Marius Vollmer
Subject: Re: Refactoring dynamic roots
Date: Sat, 29 Jan 2005 01:17:52 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/21.3.50 (gnu/linux)

Kevin Ryde <address@hidden> writes:

> Marius Vollmer <address@hidden> writes:
>>
>> The other thing that dynamic roots do is to isolate changes to the
>> dynamic state.  For example, calls to set-current-output-port or
>> fluid-set! have no effects outside of a dynamic root.  This might be
>> useful when running arbitrary code since the caller can protect itself
>> from unexpected changes to the dynamic state.  (This is not _that_
>> useful for sandboxing code since the code can of course change the
>> global state of Guile arbitrarily unless other measures are taken.)
>
> I'm unsure about this bit.  If you trust the code enough not to mangle
> global variables, can't you trust it enough not to mangle fluids too?

Hmm, it is probably not so much about trust, but about being nice to
the code that you run: you want to give it its own dynamic state
because that is very useful.

Of course you have to trust the code that you run.  If you do not
trust it but want to run it anyway, my answer would be to isolate the
whole guile process with the means provided by the OS, such as
chrooting it, running it as nobody, etc.

-- 
GPG: D5D4E405 - 2F9B BCCC 8527 692A 04E3  331E FAF8 226A D5D4 E405
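
The OS-level isolation suggested in the message above (chroot the process, run it as nobody), as an added example that is not part of the original mail or of Guile: a small Linux launcher that confines itself and then executes a program. The name confine, the numeric uid/gid 65534 for nobody, and the jail directory layout are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* glibc: expose chroot() and setgroups() */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `root` and drop to uid/gid for good.
 * Returns 0 on success, or a negative number naming the step that failed. */
int confine(const char *root, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)     return -1; /* refuse to "drop" to root */
    if (chdir(root) != 0)         return -2; /* enter the jail before chroot */
    if (chroot(".") != 0)         return -3; /* needs root / CAP_SYS_CHROOT */
    if (chdir("/") != 0)          return -4; /* cwd must be inside the new root */
    if (setgroups(0, NULL) != 0)  return -5; /* clear supplementary groups first */
    if (setgid(gid) != 0)         return -6; /* group before user, or it fails */
    if (setuid(uid) != 0)         return -7; /* clears real, effective, saved uid */
    if (setuid(0) == 0)           return -8; /* root must not be recoverable */
    return 0;
}

int main(int argc, char **argv)
{
    /* Usage: confine-run JAIL_DIR PROGRAM [ARGS...]
     * PROGRAM is resolved inside the jail, so the jail must already hold
     * the interpreter and the libraries and files it needs. */
    if (argc < 3) {
        fprintf(stderr, "usage: %s jail program [args...]\n", argv[0]);
        return 2;
    }
    int rc = confine(argv[1], 65534, 65534); /* 65534: assumed id of nobody */
    if (rc != 0) {
        fprintf(stderr, "confine failed at step %d\n", -rc);
        return 1;
    }
    execv(argv[2], &argv[2]);
    perror("execv");
    return 1;
}
```

A chroot does not contain a process that still has root privileges, so the steps after chroot(".") are what make the confinement hold; the launcher stops at the first step that fails instead of running the program partly confined.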



