[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC: (ice-9 sandbox)
From: |
Mike Gran |
Subject: |
Re: RFC: (ice-9 sandbox) |
Date: |
Fri, 31 Mar 2017 14:41:14 +0000 (UTC) |
?> On Friday, March 31, 2017 2:28 AM, Andy Wingo <address@hidden> wrote:
> Any thoughts? I would like something like this for a web service that
> has to evaluate untrusted code.
Neat! Here are some random, tangential ideas.
While this might be a good route toward a pragmatic definition of
"safe," a route to a stronger version of safety might be trying
to compile a Guile against the CloudABI C library -- which prevents
OS interaction altogether -- and then use something like inetd to
to communicate with your safe guile.
As a middle ground, there are the --disable-posix,
--disable-networking, and --disable-regex options, to consider.
-Mike Gran