[plt-scheme] Safely evaluating arbitrary scheme code?

From: Robby Findler (robby at cs.uchicago.edu)
Date: Sat Jun 28 09:12:56 EDT 2003

MzScheme should have all of the support you need to do that. In
addition to security guards, you also need to use custodians (to close
any os resources the cgi script opened: threads, etc etc) and you
probably want to use the 3m collector that has memory accounting to
make sure the cgi script doesn't use up all available memory.


At Fri, 27 Jun 2003 14:51:11 -0600, scott-dated-1057608751.25e8a7 at bandwidthcoop.org wrote:
>   For list-related administrative tasks:
>   http://list.cs.brown.edu/mailman/listinfo/plt-scheme
> Hi everyone, 
> I have a CGI script which takes Scheme code from a form, evaluates it, and 
> prints out the result. This is, of course, a giant security risk. I'm 
> investigating the possibility of making this secure. 
> MzScheme provides security guards, which controls a thread's access to the 
> file system and the network. My program needs access to some files. The 
> program does its work, installs a security guard which prevents any file or 
> net access, then evals the code. 
> I'd appreciate feedback on this approach, specifically: 
>    -Is this sufficient to protect the server? A good start, but more needs 
> to be done? Or madness, and best not attempted? 
>    -I'm starting a examination of the library APIs to see if there are other 
> potential security threats. Is there anything undocumented that I should be 
> wary of? 
> Thanks in advance for any help, 
> Scott Lewis
> scott-dated-1057608751.25e8a7 at bandwidthcoop.org 
> Please note: I'm not positive the configuration is correct on my spam filter 
> (tmda). If you have any problem replying to the above address, you can email 
> me at my regular address (scott at bandwidthcoop.org). But you'll have to reply 
> to tmda's challenge email for it to get through. Sorry for any 
> inconvenience.

Posted on the users mailing list.