[plt-scheme] (in)security in a top-level eval

From: Eli Barzilay (eli at barzilay.org)
Date: Tue Feb 20 17:35:38 EST 2007

On Feb 21, Matthew Flatt wrote:
> Overall, then, you want:
>  * a security guard to prevent disk and network access (be sure to
>    disable all "execute" filesystem operations);
>  * a code inspector to prevent access to privileged operations; and
>  * a custodian for easy shutdown (in case the program runs too long),
>    including custodian-based
>      - memory limits to prevent excessive memory use, and
>      - file-descriptor limits to prevent too many open files, etc.
>        *** not available, yet, but hopefully soon! ***
> Those are all the security issues that I can see, at least, for
> sandboxing code in an embedded MzScheme.

On a related note, you can look at the new handin-server/sandbox.ss
module that provides a sandboxed environment that does all of the
above.  The documentation is in doc.txt in the same directory.  (This
is not part of the standard distribution, and it's relatively new, so
you can get it from svn,
          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                  http://www.barzilay.org/                 Maze is Life!

Posted on the users mailing list.
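The three mechanisms in the quoted list (security guard, code inspector, custodian with a memory limit plus a timeout) wired together by hand, as an added example that is not code from this thread or from handin-server/sandbox.ss; it uses current Racket names rather than MzScheme-era ones. The read-only directory, the byte and time limits and the sample expressions are constructed placeholders.

```racket
#lang racket/base
;; Added example, not from the original thread. Builds a minimal sandbox:
;; security guard (no network, read-only below one directory, no execute),
;; fresh code inspector, private custodian with a memory cap, and a timeout.
(require racket/string)

;; Security guard: deny all network use; deny write/delete/execute on every
;; path; allow read/exists only below read-dir. Returning normally = allowed.
(define (make-sandbox-guard read-dir)
  (define prefix
    (path->string (path->directory-path (simplify-path (path->complete-path read-dir) #f))))
  (make-security-guard
   (current-security-guard)
   (lambda (who path modes)                     ; file guard
     (define p (and path (path->string (simplify-path (path->complete-path path) #f))))
     (unless (and p (string-prefix? p prefix)
                  (for/and ([m (in-list modes)]) (memq m '(read exists))))
       (error who "sandbox: file access denied: ~a ~a" modes path)))
   (lambda (who host port client?)              ; network guard
     (error who "sandbox: network access denied: ~a:~a" host port))))

;; Evaluate EXPR in a fresh racket/base namespace inside a thread owned by a
;; private custodian. Returns '(ok v), '(error msg), '(killed) or '(timeout).
(define (run-sandboxed expr
                       #:read-dir [read-dir (current-directory)]
                       #:memory-bytes [mem (* 16 1024 1024)]   ; constructed cap
                       #:seconds [secs 2])                     ; constructed cap
  (define ns (make-base-namespace))          ; built before the guard is installed
  (define cust (make-custodian))
  (custodian-limit-memory cust mem)          ; cust is shut down if it exceeds mem
  (define results (make-channel))
  (define worker
    (parameterize ([current-custodian cust]
                   [current-security-guard (make-sandbox-guard read-dir)]
                   [current-code-inspector (make-inspector)] ; new code gets no privilege
                   [current-namespace ns])
      (thread
       (lambda ()
         (channel-put results
                      (with-handlers ([(lambda (e) #t)
                                       (lambda (e) (list 'error (if (exn? e) (exn-message e) e)))])
                        (list 'ok (eval expr))))))))
  (define dead (thread-dead-evt worker))     ; becomes ready if the custodian kills it
  (define outcome (sync/timeout secs results dead))
  (custodian-shutdown-all cust)              ; always release ports, threads, memory
  (cond [(not outcome) '(timeout)]
        [(eq? outcome dead) '(killed)]       ; no result but thread gone: memory cap hit
        [else outcome]))

(module+ main
  (run-sandboxed '(+ 1 2))                                    ; plain evaluation
  (run-sandboxed '(call-with-output-file "/tmp/owned" void))  ; write: file guard
  (run-sandboxed '(directory-list "/"))                       ; read outside read-dir
  (run-sandboxed '(let loop ([l '()]) (loop (cons l l))))     ; memory cap via custodian
  (run-sandboxed '(let loop () (loop))))                      ; runaway loop: timeout
```

Memory accounting only works where `(custodian-memory-accounting-available?)` is true, and the namespace is created before the guard is installed because loading collection code from disk would otherwise be refused by the guard itself.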