[plt-scheme] Copying bindings between namespaces

From: Matthew Flatt (mflatt at cs.utah.edu)
Date: Thu Aug 22 22:31:35 EDT 2002

At Thu, 22 Aug 2002 14:02:46 +0300, Timo Lilja wrote:
> I'm trying to write a safe sandbox to run untrusted code with
> MzScheme. The general idea is to have an empty namespace and copy
> certain bindings from MzScheme's normal namespace to it. I would leave
> all I/O-primitives and other unnecessary (and possibly dangerous)
> primitives out. 

Shriram mentioned the `module' system. If you're willing to pick by
hand every primitive and form for your language, that may well be the
right path.

Another possibility is to leave the language alone, use security guards
for protecting files and network connections, and use custodians to
limit resource usage. Controlling memory use is the hard part in this
case. If you're running in Unix, then you can build an experimental
variant of MzScheme/MrEd that associates memory limits with custodians;
run `configure' with --account.

Matthew
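The second approach Matthew sketches (keep the language, add a security guard for files and the network, and a custodian for resources), written out as an added example that is not part of the original message. It targets modern Racket rather than 2002 MzScheme: `custodian-limit-memory` stands in for the experimental `--account` build he mentions, and the names `make-sandbox-guard` and `run-sandboxed` are this example's own.

```racket
#lang racket/base
;; Added example (not from the message): a sandbox that leaves the language
;; alone and instead (1) installs a security guard that blocks file writes
;; and all network access and (2) runs the untrusted thunk under a custodian
;; with a memory limit and a wall-clock timeout.  `custodian-limit-memory`
;; (modern Racket) replaces the 2002 `--account` build of MzScheme.
(require racket/string racket/port racket/tcp)

;; Build a guard that allows file reads/existence checks only below
;; `allowed-dir`, denies every write/delete/execute, and denies every
;; network operation.  Raising an exception inside a guard denies access.
(define (make-sandbox-guard allowed-dir)
  (define root
    (path->string (path->directory-path (path->complete-path allowed-dir))))
  (make-security-guard
   (current-security-guard)          ; chain to the enclosing guard
   ;; file guard: `modes` is a list drawn from 'read 'write 'execute 'delete 'exists
   (lambda (who path modes)
     (when (or (memq 'write modes) (memq 'delete modes) (memq 'execute modes))
       (error who "sandbox: file modification denied: ~a" path))
     (when path
       ;; simplify syntactically (#f) so the guard itself never touches the filesystem
       (define target (path->string (simplify-path (path->complete-path path) #f)))
       (unless (string-prefix? target root)
         (error who "sandbox: read outside ~a denied: ~a" root target))))
   ;; network guard: deny listening and connecting alike
   (lambda (who host port client?)
     (error who "sandbox: network access denied (~a:~a)" host port))))

;; Run `thunk` in a fresh thread under a custodian limited to `mem-limit`
;; bytes, give up after `timeout` seconds, and always shut the custodian
;; down afterwards so the thread and any ports it opened are reclaimed.
(define (run-sandboxed thunk
                       #:allowed-dir [allowed-dir (current-directory)]
                       #:memory-limit [mem-limit (* 32 1024 1024)]
                       #:timeout [timeout 2])
  (unless (custodian-memory-accounting-available?)
    (error 'run-sandboxed "this Racket build cannot enforce memory limits"))
  (define cust (make-custodian))
  (custodian-limit-memory cust mem-limit)
  (define result-ch (make-channel))
  (define th
    (parameterize ([current-custodian cust]
                   [current-security-guard (make-sandbox-guard allowed-dir)]
                   [current-output-port (open-output-nowhere)]) ; no stdout either
      ;; the new thread inherits all three parameters
      (thread
       (lambda ()
         (channel-put result-ch
                      (with-handlers ([exn:fail? (lambda (e) (list 'error (exn-message e)))])
                        (list 'ok (thunk))))))))
  ;; wait for a result, for the thread to die (custodian killed it), or for the clock
  (define outcome (sync/timeout timeout result-ch (thread-dead-evt th)))
  (custodian-shutdown-all cust)
  (cond [(pair? outcome) outcome]
        [(not outcome) (list 'timeout (format "no result after ~a s" timeout))]
        [else (list 'killed "thread died without a result (memory limit hit)")]))

(module+ main
  ;; plain computation succeeds: (ok 3)
  (displayln (run-sandboxed (lambda () (+ 1 2))))
  ;; a file write is refused by the guard: (error "...file modification denied...")
  (displayln (run-sandboxed
              (lambda () (with-output-to-file "sandbox-escape.txt"
                           (lambda () (display "x"))))))
  ;; a network connect is refused by the guard: (error "...network access denied...")
  (displayln (run-sandboxed (lambda () (tcp-connect "example.com" 80))))
  ;; unbounded allocation trips the custodian's memory limit: (killed ...)
  (displayln (run-sandboxed
              (lambda () (let loop ([acc '()]) (loop (cons (make-bytes 100000) acc))))))
  ;; an infinite loop is cut off by the timeout: (timeout ...)
  (displayln (run-sandboxed (lambda () (let loop () (loop))))))
```

Two things to keep in mind with this shape. The guard and the custodian only bound what the untrusted code can touch and consume; the code still sees the whole language, including `eval` and the namespace it runs in, which is exactly the trade-off Matthew draws against the hand-picked `module` approach. And memory accounting is coarse and only checked at garbage collection, so `custodian-memory-accounting-available?` should be consulted and the limit set with headroom rather than treated as a precise quota.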




Posted on the users mailing list.