Re: Restricting eval

[Grant Rettke]

Understood. Thanks for sharing that.

On Sun, Mar 23, 2014 at 1:33 PM, Panicz Maciej Godek
<address@hidden> wrote:
> Hi!
>
> 2014-03-23 19:07 GMT+01:00 Grant Rettke <address@hidden>:
>> On Sat, Nov 30, 2013 at 2:26 PM, Panicz Maciej Godek
>> <address@hidden> wrote:
>>> And hence my question: is there any way to restrict
>>> the execution environment of eval, e.g. to specify
>>> which symbols should be available? (For security
>>> reasons, I wouldn't want functions like "system"
>>> or "exit" to be present in that environment)
>>>
>>> Or perhaps there's some better way to do that?
>>
>> How did you end up achieving your goal?
>
> Oh, with Guile it turned out to be a piece of cake ;]
> It's thanks to first-class modules and the fact that a module can be
> provided as the second argument to eval.
> Guile actually has e.g. (ice-9 safe-r5rs), which exports a safe subset
> of Scheme, and (ice-9 null), which provides the most basic syntactic
> bindings and no functions whatsoever.
>
> So it is possible to either create a module in runtime using
> make-fresh-user-module and add all the necessary bindings, or to have
> some regular module prepared and obtain it using resolve-module.
>
> This is more or less how I did it, but I have to admit that I did
> neglect the security issues and designed the system to work rather
> than to make it hacker-proof.
>
> The bad news is that the module API isn't officially documented and
> one needs to read the boot-9.scm file to figure out how it works (the
> code is a good read, though).
>
> HTH



-- 
Grant Rettke | ACM, AMA, COG, IEEE
address@hidden | http://www.wisdomandwonder.com/
“Wisdom begins in wonder.” --Socrates
((λ (x) (x x)) (λ (x) (x x)))
“Life has become immeasurably better since I have been forced to stop
taking it seriously.” --Thompson