[plt-scheme] (in)security in a top-level eval

From: support at taxupdate.com (support at taxupdate.com)
Date: Tue Feb 20 07:52:17 EST 2007


On Tue, Feb 20, 2007 at 10:17:58AM -0600, Robby Findler wrote:
> The top-level shouldn't cause you any problems. Just create a new
> namespace for the eval'd code and it will only be able to use that
> namespace.

I neglected to mention that in this case, I'm embedding mzscheme in a
c++ environment.  I take it that either scheme_basic_env or
scheme_make_namespace provides an isolated Scheme_Env/namespace for the
untrusted code.

> You will probably want to make a separate thread (and eventspace if in
> mred) in case the code runs forever. To protect against code that
> attempts to allocate all of the memory in your program, use
> custodian-limit-memory.

I tried this (in mzscheme3m) on a recent SVN snapshot:

(define cust1 (make-custodian))
(custodian-limit-memory cust1 1000 cust1)
(current-custodian cust1)
(let loop ((acc '()))
    (loop (cons 'x acc)))
I expected this to raise an exception after a few seconds, but it kept
running.  What's the proper way to set this up?


Posted on the users mailing list.