[plt-scheme] sandbox & ports closed prematurely

From: Eli Barzilay (eli at barzilay.org)
Date: Tue Jul 1 08:39:48 EDT 2008

On Jul  1, Eli Barzilay wrote:
> On Jul  1, Tom Schouten wrote:
> > On Tue, Jul 01, 2008 at 07:57:20AM -0400, Eli Barzilay wrote:
> > > 
> > > The default is a little paranoid: every evaluation is performed with a
> > > time and a space limit, which means running under a temporay
> > > custodian.  If you add (sandbox-eval-limits #f) then this will not
> > > happen.
> > 
> > Thanks.
> > I suppose there's no easy way to have it both?  Can a custodian be
> > made to ignore I/O ports, and let them be handled by its parent?
> 
> Well, the same parameter is used for evaluating the whole program
> (which for you is just `scheme/base') and for later evaluations; but
> you can change the limit later.  But I see now that there's a
> problem with the arguments to `set-eval-limits' that I should fix.

I forgot to add here -- there is a problem with bad arguments, but you
can still use it to remove the per-evaluation limits.  Something like
this:

  (require scheme/sandbox)
  (sandbox-security-guard (current-security-guard))
  (define e (make-evaluator 'scheme/base))
  (set-eval-limits e #f #f) ; removes per-evaluation limits
  (define f (e '(open-output-file "/tmp/bla")))
  (display 123 f)

-- 
          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                  http://www.barzilay.org/                 Maze is Life!


Posted on the users mailing list.