guile-devel

Re: RFC: (ice-9 sandbox)


From: Nala Ginrut
Subject: Re: RFC: (ice-9 sandbox)
Date: Mon, 17 Apr 2017 17:12:11 +0800

Hmm... I didn't think about this security issue. And even if we may do some verification in IR (say, CPS or lower level), it's insufficient to avoid security issues, since a front-end implementation may use cross-module functions to mimic primitives for other languages.
Now I think maybe the front-end writer has to write their own sandbox with (ice-9 sandbox) if necessary. :-)

Best regards.


On 17 Apr 2017 at 16:07, "Andy Wingo" <address@hidden> wrote:
On Sat 15 Apr 2017 19:23, Nala Ginrut <address@hidden> writes:

> Could you please add #:from keyword to evil-in-sand box to indicate
> the language front-end? Don't forget there's multi-lang plan. :-)

In theory yes, but I don't know how to make safe sandboxes in other
languages.  ice-9 sandbox relies on the Scheme characteristic that the
only capabilities granted to a program are those that are in scope.
Other languages often have ambient capabilities -- like Bash for example
where there's no way to not provide the pipe ("|") operator.  I think
adding other languages should be an exercise for the reader :)

Andy
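
The scoping property described above, as an added example that is not part of the thread and not code from Guile itself: the same expression is rejected or allowed depending only on which bindings the sandbox module was given. It assumes a Guile release that ships (ice-9 sandbox); `try-in-sandbox`, `show` and `pure-plus-getenv` are hypothetical names, and `getenv` stands in for any impure capability.

```scheme
;; Added example, not code from the thread or from Guile itself.
(use-modules (ice-9 sandbox))

;; Evaluate EXP with only BINDINGS in scope.  Returns the value, or
;; (rejected KEY) when evaluation throws, e.g. for an unbound variable
;; or an exceeded time/allocation limit.
(define (try-in-sandbox exp bindings)
  (catch #t
    (lambda ()
      (eval-in-sandbox exp
                       #:time-limit 0.5
                       #:allocation-limit #e10e6
                       #:bindings bindings))
    (lambda (key . args)
      (list 'rejected key))))

;; Hypothetical policy: the pure set plus exactly one impure capability.
;; Each entry has the form ((module name) binding ...).
(define pure-plus-getenv
  (cons '((guile) getenv) all-pure-bindings))

;; Print the expression next to what the sandbox returned for it.
(define (show label exp bindings)
  (format #t "~a: ~s => ~s~%" label exp (try-in-sandbox exp bindings)))

;; Pure arithmetic needs nothing beyond the default pure bindings.
(show "pure code, pure bindings" '(let ((x 6)) (* x 7)) all-pure-bindings)

;; getenv exists in (guile) but was never put in scope, so the
;; sandboxed program has no name by which to reach it.
(show "getenv not granted" '(getenv "HOME") all-pure-bindings)

;; The identical expression works once the capability is granted by name.
(show "getenv granted" '(getenv "HOME") pure-plus-getenv)
```

A front end for a language with ambient capabilities has no equivalent of the `#:bindings` list to trim, which is the gap both messages point at.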
