[racket] Limiting net-repl provided functions

From: Sam Tobin-Hochstadt (samth at ccs.neu.edu)
Date: Mon Jun 27 09:52:37 EDT 2011

On Mon, Jun 27, 2011 at 9:48 AM, Jukka Tuominen
<jukka.tuominen at finndesign.fi> wrote:
> BTW, 'secure' in this context may mean allowing even critical system calls
> (say format harddisk), if so specified. But the user should not be able to
> do anything else than specified.

The `sandbox' infrastructure is fairly flexible.  Just by constructing
a namespace and doing the `eval' in that namespace, you'll be able to
restrict which identifiers the remote user can refer to.  If those are
very limited, that might be enough for security.

>> -----Original Message-----
>> From: samth0 at gmail.com [mailto:samth0 at gmail.com]On Behalf Of Sam
>> Tobin-Hochstadt
>> Sent: 27 June 2011 16:10
>> To: Jukka Tuominen
>> Cc: users at racket-lang.org
>> Subject: Re: [racket] Limiting net-repl provided functions
>>
>>
>> On Mon, Jun 27, 2011 at 8:48 AM, Jukka Tuominen
>> <jukka.tuominen at finndesign.fi> wrote:
>> >
>> > The basic client/server functionality is already working, but it's too
>> > big a security risk outside LAN use. It seems to be easier to add
>> > functionality than ripping them off. Perhaps creating a custom #%top
>> > definition to interfere with the default symbol lookup...?
>>
>> The right place to look is at sandboxes:
>>   http://docs.racket-lang.org/reference/Sandboxed_Evaluation.html
>> and namespaces:
>>   http://docs.racket-lang.org/guide/mk-namespace.html
>>
>> --
>> sam th
>> samth at ccs.neu.edu



-- 
sam th
samth at ccs.neu.edu
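
The namespace approach described in the reply above, as an added example that is not part of the original message or of any Racket library: requests are evaluated in a namespace that binds only a whitelist. The helper names, the `status` and `add` bindings, and the sample requests are hypothetical and constructed for illustration.

```racket
#lang racket/base
;; Added example: evaluate remote requests in a namespace that binds only a whitelist.
;; `status`, `add` and the sample requests are constructed for illustration.

(define (make-restricted-namespace allowed)
  ;; Start from a namespace with racket/base attached but no identifiers bound.
  (define ns (make-base-empty-namespace))
  (parameterize ([current-namespace ns])
    ;; Import only the implicit forms needed for application, literals and
    ;; top-level variable references. No `require`, `define`, `lambda` or `quote`.
    (namespace-require '(only racket/base #%app #%datum #%top)))
  ;; Bind each whitelisted name to its value.
  (for ([(name value) (in-hash allowed)])
    (namespace-set-variable-value! name value #t ns))
  ns)

(define (restricted-eval expr ns)
  ;; Anything outside the whitelist is unbound, so evaluation raises exn:fail.
  (with-handlers ([exn:fail? (lambda (e) (list 'rejected (exn-message e)))])
    (list 'ok (eval expr ns))))

(define server-ns
  (make-restricted-namespace
   (hash 'status (lambda () "running")
         'add +)))

(module+ main
  ;; The first two requests use whitelisted names; the rest are rejected.
  (for ([req (in-list '((status)
                        (add 1 2)
                        (system "echo hi")
                        (require racket/system)
                        (delete-file "x")))])
    (printf "~s => ~s\n" req (restricted-eval req server-ns))))
```

A namespace only limits which identifiers can be referenced; it does not bound CPU time or memory, which is what the `racket/sandbox` evaluators add on top.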



Posted on the users mailing list.