[plt-scheme] Is read safe for untrusted data?

From: Robby Findler (robby at cs.uchicago.edu)
Date: Fri Aug 5 09:26:17 EDT 2005

At Fri, 05 Aug 2005 15:18:28 +0200, Jens Axel Søgaard wrote:
>   For list-related administrative tasks:
>   http://list.cs.brown.edu/mailman/listinfo/plt-scheme
> Robby Findler wrote:
> > Read will not do any evaluation, but might allocate an arbitrary amount
> > of memory. You can use the 3m collectors with custodian-limit-memory to
> > control this, or you might use read-bytes-avail and friends to limit
> > the amount of data you read.
> Jepri, see <http://schemecookbook.org/view/Cookbook/DynamicUntrustedEval>
> for how to evaluate an expression from an untrusted source.

Depending on what you expect of the code, there is a lot more that can
go wrong than network and file access. You might want to check out this
paper for some of the things that can go wrong:



Posted on the users mailing list.