[plt-scheme] Sandboxing and modules

From: Markku Rontu (mrontu at cc.hut.fi)
Date: Sat Feb 7 09:43:44 EST 2004

Hello again,

I received this (partial) answer from Jens and he requested to forward this to
the list as well. His code does get around the name conflicts but,
unfortunately, it's not a suitable solution as is. Why? The user can evaluate
code like:

---

(#%require (rename mzscheme delete-file delete-file))
(delete-file ...)

---

This is security by obscurity and not a real solution for a sandbox. Any more
ideas?

--- Markku Rontu --------------------------------- 16:39. Sat Feb  7, 2004 ---
   E-mail markku.rontu at hut.fi - WWW www.hut.fi/~mrontu/ - GSM +358503822310
------------------------------------------------------------------------------
                    "I am here. I have always been here."
-------------------- Ambassador Kosh of the Vorlon Empire --------------------

---------- Forwarded message ----------

Explanation follows tomorrow (the bus leaves soon).

/Jens Axel Søgaard

(module safe-scheme mzscheme
  ;; values
  (provide car cdr
           = < > <= >= max min + - * /
           eq? eqv? equal?
           display newline)

  ;; syntax
  (provide if let and or cond case begin lambda quote set!
    ;; We have to include the following MzScheme-isms to do anything,
    ;; but they're not legal R5RS names, anyway.
    #%app #%datum #%top
    (rename synrule-in-stx-module-begin #%module-begin)
    (rename require #%require)
    (rename provide #%provide))

  (define-syntax synrule-in-stx-module-begin
    (lambda (stx)
      (datum->syntax-object
       (quote-syntax here)
       (list* (quote-syntax #%plain-module-begin)
              (quote-syntax
               (require-for-syntax (rename mzscheme syntax-rules syntax-rules)))
              (cdr (syntax-e stx)))
       stx))))

(module less-safe-scheme safe-scheme
  ; provide all in safe-scheme
  ;(#%provide #%module-begin #%app #%top #%datum)
  ; provide selected values from mzscheme
  (#%require (rename mzscheme list list)
             (rename mzscheme map map))
  (#%provide (all-from safe-scheme)
             list map))

;; USER CODE
(module user-code less-safe-scheme
  ; legal user code
  (display (list 1 2 3)))
;(module user-code2 safe-scheme
;  ; illegal user code
;  (display (list 1 2 3)))

;; RUN USER CODE
(require user-code)
;(require user-code2)
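As an added example, not code from this thread: the hole Markku points out is that safe-scheme exports `(rename require #%require)`, so any module written in it can import mzscheme's bindings back under their original names. The fix is to withhold `#%require` (and `#%provide`) from the module language altogether; a module whose language does not export `#%require` cannot import anything. The code below restates Jens's layout in modern Racket (the successor of PLT Scheme); the file names `safe-lang.rkt`, `user-ok.rkt` and `user-bad.rkt` are made up for the example, and each `;; ---- file` section is a separate file.

```racket
;; ---- safe-lang.rkt --------------------------------------------------
;; A restricted module language in modern Racket (constructed example).
;; The export list is roughly Jens's, with one deliberate difference:
;; require/#%require and provide/#%provide are NOT exported. A module
;; whose language lacks #%require has no way to import anything, so a
;; (rename ...) trick cannot bring delete-file back into scope.
#lang racket/base
(provide
 ;; values
 car cdr cons list map
 = < > <= >= max min + - * /
 eq? eqv? equal?
 display newline
 ;; syntax
 if let and or cond case begin lambda quote set! define
 ;; the MzScheme/Racket-isms every module language has to supply
 #%app #%datum #%top #%module-begin)

;; ---- user-ok.rkt ----------------------------------------------------
;; Legal user code. `#lang s-exp "safe-lang.rkt"` makes the module above
;; the language of this file; `racket user-ok.rkt` prints (1 2 3).
#lang s-exp "safe-lang.rkt"
(display (list 1 2 3))
(newline)

;; ---- user-bad.rkt ---------------------------------------------------
;; The bypass from the message above, tried against the hardened
;; language. #%require is not in scope here, so expansion stops with an
;; unbound-identifier error; delete-file is never reached and nothing
;; in this file runs.
#lang s-exp "safe-lang.rkt"
(#%require (rename racket/base delete-file delete-file))
(delete-file "placeholder.txt")   ; never evaluated
```

Withholding `#%require` closes the import route, but it is only one part of a sandbox: every binding the language does export still has to be checked for reach into the filesystem, network or `eval`, and resource limits (time, memory) are a separate concern. Later PLT releases addressed these with a dedicated sandbox library (`racket/sandbox`) rather than with a hand-built module language alone.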



Posted on the users mailing list.