[plt-scheme] Safely evaluating arbitrary scheme code?

From: Anton van Straaten (anton at appsolutions.com)
Date: Sat Jun 28 12:08:18 EDT 2003

> I have a CGI script which takes Scheme code from a form,
> evaluates it, and prints out the result. This is, of course,
> a giant security risk. I'm investigating the possibility
> of making this secure.
>
> MzScheme provides security guards, which controls a thread's
> access to the file system and the network. My program needs
> access to some files. The program does its work, installs
> a security guard which prevents any file or net access,
> then evals the code.

Another security measure you can use is to create a small PLT module
language, to restrict the language constructs that can be used in the
evaluation.  Depending on your requirements, this could range from being
very easy to implement, to impractical.  I did this in a case where there
were a limited number of functions that could be used by the client -
primarily instantiation of particular structures, and performing operations
on those structures.

There's an example using a simple lambda calculus module language here:
http://download.plt-scheme.org/doc/203/html/mzscheme/mzscheme-Z-H-12.html#%_sec_12.5

Anton



Posted on the users mailing list.
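The two measures discussed in the thread, a restricted module language and a security guard around the evaluation, combined in one runnable program. This is an added example, not code from the original post or from PLT; it is written against current Racket (the successor of PLT Scheme), and the names `safe-lang`, `run-restricted`, the list of exported bindings, and the memory and time limits are this example's own choices. Two further limits the thread does not mention, a custodian memory cap and a timeout, are added because a denied file system and network still leave a client free to loop forever or exhaust memory.

```racket
#lang racket/base
;; Added example (not from the original post): evaluate untrusted client
;; code as the body of a module written in a deliberately tiny language,
;; then instantiate that module under a deny-all security guard, a
;; custodian memory limit and a timeout.  Names such as safe-lang and
;; run-restricted, and the binding list, are this example's own choices.

;; 1. The restricted language.  It re-exports only a handful of
;;    racket/base bindings.  Anything not listed here (require, eval,
;;    open-input-file, tcp-connect, define-syntax, ...) is unbound
;;    inside a client module, so the compiler rejects it outright.
(define safe-lang-decl
  '(module safe-lang racket/base
     (provide #%module-begin #%app #%datum quote
              define provide                      ; used by the wrapper below
              lambda let if cond and or not
              + - * quotient remainder = < >
              cons car cdr list null? pair? length map)))

;; 2. A security guard that refuses every file and network operation.
(define (make-deny-all-guard)
  (make-security-guard
   (current-security-guard)
   (lambda (who path modes)
     (error who "file access denied: ~a (~a)" path modes))
   (lambda (who host port client?)
     (error who "network access denied: ~a:~a" host port))))

;; 3. Compile EXPR as a safe-lang module, then instantiate it under the
;;    guard.  Returns (list 'ok printed-result) or (list 'error message).
(define (run-restricted expr
                        #:timeout [secs 2]
                        #:memory [bytes (* 16 1024 1024)])
  (define ns (make-base-namespace))
  (define cust (make-custodian))
  (define ch (make-channel))
  (define (report e)
    (list 'error (if (exn? e) (exn-message e) (format "~s" e))))
  ;; Declaration runs before the guard is installed: safe-lang exports no
  ;; syntax-defining forms, so expansion cannot run client code, and
  ;; declaring a module may legitimately load library modules from disk.
  (define (declare!)
    (parameterize ([current-namespace ns])
      (eval safe-lang-decl)
      (eval `(module client 'safe-lang
               (define result ,expr)
               (provide result)))))
  ;; Instantiation is where client expressions actually execute, so the
  ;; guard, the custodian and the timeout all go around this step.  The
  ;; result is printed to a string inside the sandboxed thread so that a
  ;; client-made closure is never invoked outside the guard.
  (define (instantiate!)
    (custodian-limit-memory cust bytes)
    (parameterize ([current-custodian cust]
                   [current-security-guard (make-deny-all-guard)]
                   [current-namespace ns])
      (thread
       (lambda ()
         (channel-put ch (with-handlers ([(lambda (e) #t) report])
                           (list 'ok (format "~s" (dynamic-require ''client 'result))))))))
    (define outcome (sync/timeout secs ch))
    (custodian-shutdown-all cust)        ; kills a runaway thread either way
    (or outcome (list 'error "time or memory limit exceeded")))
  (with-handlers ([(lambda (e) #t) report])
    (declare!)
    (instantiate!)))

(module+ main
  (for-each
   (lambda (expr) (printf "~s\n  => ~s\n" expr (run-restricted expr)))
   (list '(map (lambda (x) (* x x)) (list 1 2 3))          ; ordinary computation
         '(car '())                                         ; runtime error, reported
         '(with-output-to-file "/tmp/x" (lambda () 1))      ; unbound: rejected at compile time
         '((lambda (f) (f f)) (lambda (f) (f f)))           ; never terminates: timeout
         '(let loop ([l '()]) (loop (cons l l))))))         ; unbounded allocation: memory cap
```

Run it with `racket file.rkt`. The essential property is that the client never sees `require`, `eval`, `dynamic-require` or any file or socket primitive, so the security guard is a second line of defence rather than the only one; if you later widen the language, keep the guard, because a single exported binding that reaches the file system (a printing or path procedure, say) is enough to make the language restriction moot.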