Re: Embedding Guile with sandboxing


From: tomas
Subject: Re: Embedding Guile with sandboxing
Date: Wed, 25 Nov 2015 12:07:42 +0100
User-agent: Mutt/1.5.21 (2010-09-15)


On Sun, Nov 22, 2015 at 11:06:05AM +0100, Arne Babenhauserheide wrote:
> On Saturday, 21 November 2015, 13:35:12, Matthew Keeter wrote:
> > If I were to replace Python with Guile, is there a way to sandbox it so
> > that arbitrary (perhaps malicious) user-provided scripts can be run safely?
> 
> The languages which try to do that are Java and Javascript, and they
> have several bugs connected to this every year (which i.e. allowing
> execution of code with elevated privileges).
> 
> To make this safe, you could follow the route described by Pascal:
> Define a restricted sub-language which is not turing-complete. You can

I think the problem isn't Turing completeness. It's the access to
the whole machine environment.

Still a tall order.

As another point, the Tcl community has had something they call "safe"
for quite a while (they can have several interpreters in one executable
and can instantiate so-called "safe" interpreters [1]). Might be worth
a look (for inspiration -- or for use).

[1] <http://wiki.tcl.tk/4204>

-- t