[plt-scheme] Insecure procedures

From: Don Felgar (dfelgar at rainier-infosys.com)
Date: Tue Aug 17 16:22:42 EDT 2004

> > I plan to provide a Scheme service on a semi-public server.  Does
> > anyone have a list of procedures that are inherently unsafe?  For
> > the time being I'm not talking about resource hogging or similar
> > attacks.  I mean system, eval, load, open-input-file and etc,
> > procedures that directly facilitate abuse.  Does such a list exist?
> For preventing file access you should read about security guards:
>   (current-security-guard
>    (make-security-guard
>     (current-security-guard)
>     (lambda (who path what)
>       (when (memq 'execute what)
>         (error "I'm sorry Dave, I'm afraid I can't do that.")))
>     void))
> I don't see the problem with `eval' etc.

On second thought you must be right about eval.

'System' effectively gives the remote user a shell on the server.  I
agree this isn't necessarily bad, but it's useless for my application
and therefore creates work and risk on my part.  The is true in
varying degrees with require, load, open-input-file and anything else
I haven't thought of.

> If you're planning to let different users run code, then you'll
> probably want to set each user with a different namespace.  (I once
> hacked a remote Scheme thing which did something similar, in case
> you want some half baked code.)

Please do email the code.  In fact I planned to make namespaces the
topic of my next question so I'm sure it will save me time.  I promise
not to sneer or make derisive remarks about your half-baked code the
way the ladies do to me behind my back.


Posted on the users mailing list.