[Texmacs-dev] Safe modules for TeXmacs
From: Giovanni Piredda
Subject: [Texmacs-dev] Safe modules for TeXmacs
Date: Sat, 9 May 2020 20:55:38 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0

This is a bit long, please be patient :-), I hope it is useful.

A few weeks ago Massimiliano suggested that I look into how to limit
which commands can be executed in a piece of otherwise arbitrary Guile
code
(http://lists.texmacs.org/wws/arc/texmacs-users/2020-03/msg00146.html
and following). This would help make some Scheme programs for TeXmacs
safer.

In that discussion we were referring to code which serves to send a
graphics expression to TeXmacs. Since I want the graphics expression to
be arbitrary, the code calls "load" on a user-specified file which
"should" contain graphics commands.

I have looked into the filtering of commands and found a way to do it,
starting from
https://www.mail-archive.com/address@hidden/msg00963.html (found
with a Google search). I am writing about it here to get, if possible,
some suggestions; not everything works and I have to think about it
quite a while longer to make something sensible. The questions are after
the description.

There is another way based on (make-root-module) (I found the code for
it in a past version of Guile) but one thing at a time. I am using Guile
2.2.3.

--- Description

make-module defines a module without bindings; one has to add them.

I tested:

  (define (make-pure-math-module)
    (let ((m (make-module)))
      (begin
        (module-define! m '* *)
        (module-define! m 'load load)
        m)))

following up with a call

  (eval '(load "testEvalLoad.scm") (make-pure-math-module))

where testEvalLoad.scm contains

  (* 2 2)

or it contains

  (+ 2 2)

The loading of the file with the first command succeeds, with the second
it fails: so far, so good.

Now the

--- Questions:

1)

I cannot add either define or set! to the bindings:

  (define (make-pure-math-module)
    (let ((m (make-module)))
      (begin
        (module-define! m '* *)
        (module-define! m 'load load)
        (module-define! m 'define define)
        m)))

fails with

  Syntax error:
  unknown location: unexpected syntax in form define

How to circumvent this? Having define available would help.

2)

Maybe incompatible with 1)

The language that comes out of the filtering should not be too "strong":
I do not want it to be able to redefine "forbidden" functions using
"allowed" ones. Any ideas? Perhaps I should keep "define" out of it?
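
A whitelist module of the kind described in the message, as an added example that is not part of the original post or of TeXmacs: it imports `define` by name, so the syntax error from question 1 does not arise, and it shows that a redefinition made by sandboxed code stays inside the sandbox module. It assumes a Guile release that ships the (ice-9 sandbox) module; `allowed-bindings`, `safe-eval-port`, `safe-eval-string` and the sample strings are constructed for illustration.

```scheme
;; Added example, not code from the original post.
;; Assumption: the running Guile provides the (ice-9 sandbox) module.
(use-modules (ice-9 sandbox))

;; Whitelist in the form ((module-name binding ...) ...). Bindings are
;; imported by name instead of being evaluated, so syntax such as
;; `define' is handled the same way as a procedure such as `*'.
(define allowed-bindings
  '(((guile) define *)))

;; Read every form from PORT and evaluate it in one fresh module that
;; holds only the whitelist, under a time and an allocation limit.
;; `load' is not exposed; the host does the reading.
;; Returns the last value, or (error KEY) if a form fails.
(define (safe-eval-port port)
  (let ((m (make-sandbox-module allowed-bindings)))
    (catch #t
      (lambda ()
        (let loop ((result #f))
          (let ((form (read port)))
            (if (eof-object? form)
                result
                (loop (eval-in-sandbox form
                                       #:module m
                                       #:time-limit 1
                                       #:allocation-limit #e10e6
                                       #:sever-module? #f))))))
      (lambda (key . args) (list 'error key)))))

(define (safe-eval-string text)
  (call-with-input-string text safe-eval-port))

;; Constructed inputs standing in for the user-supplied file.
(define samples
  '("(define side 4) (* side side)"   ; uses only whitelisted names
    "(+ 2 2)"                         ; `+' is not on the whitelist
    "(define * 0) *"))                ; shadows `*' inside the sandbox only

(for-each (lambda (text)
            (format #t "~s => ~s~%" text (safe-eval-string text)))
          samples)

;; The host's own `*' is untouched by the third sample.
(format #t "host (* 2 3) => ~s~%" (* 2 3))
```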