[racket] Limiting net-repl provided functions

From: Jukka Tuominen (jukka.tuominen at finndesign.fi)
Date: Mon Jun 27 10:08:59 EDT 2011

So, once I hopefully have it working locally, how do I apply it into the
net-repl server? I think the following is the correct definition to be
tweaked (non-modified from net-repl). Do I add the sandbox-environment to
evals or something?

 (define net-repl-eval
    (let ([eval (current-eval)])
      (lambda (exit)
        (lambda (expr)
          (if (equal?
               (if (syntax? expr)
                   (syntax-object->datum expr)
                   expr)
               '(#%top-interaction close))
              (exit)
              (eval expr))))))


br, jukka


> -----Original Message-----
> From: samth0 at gmail.com [mailto:samth0 at gmail.com]On Behalf Of Sam
> Tobin-Hochstadt
> Sent: 27 June 2011 16:53
> To: Jukka Tuominen
> Cc: users at racket-lang.org
> Subject: Re: [racket] Limiting net-repl provided functions
>
>
> On Mon, Jun 27, 2011 at 9:48 AM, Jukka Tuominen
> <jukka.tuominen at finndesign.fi> wrote:
> > BTW, 'secure' in this context may mean allowing even critical system calls
> > (say format harddisk), if so specified. But the user should not be able to
> > do anything else than specified.
>
> The `sandbox' infrastructure is fairly flexible.  Just by constructing
> a namespace and doing the `eval' in that namespace, you'll be able to
> restrict which identifiers the remote user can refer to.  If those are
> very limited, that might be enough for security.
>
> >> -----Original Message-----
> >> From: samth0 at gmail.com [mailto:samth0 at gmail.com]On Behalf Of Sam
> >> Tobin-Hochstadt
> >> Sent: 27 June 2011 16:10
> >> To: Jukka Tuominen
> >> Cc: users at racket-lang.org
> >> Subject: Re: [racket] Limiting net-repl provided functions
> >>
> >>
> >> On Mon, Jun 27, 2011 at 8:48 AM, Jukka Tuominen
> >> <jukka.tuominen at finndesign.fi> wrote:
> >> >
> >> > The basic client/server functionality is already working, but it's too big a
> >> > security risk outside LAN use. It seems to be easier to add functionality
> >> > than ripping them off. Perhaps creating a custom #%top definition to
> >> > interfere with the default symbol lookup...?
> >>
> >> The right place to look is at sandboxes:
> >>   http://docs.racket-lang.org/reference/Sandboxed_Evaluation.html
> >> and namespaces:
> >>   http://docs.racket-lang.org/guide/mk-namespace.html
> >>
> >> --
> >> sam th
> >> samth at ccs.neu.edu
> >
>
>
>
> --
> sam th
> samth at ccs.neu.edu



Posted on the users mailing list.
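
The approach suggested in the reply above (construct a namespace and do the `eval` in that namespace), written out as an added Racket example; it is not part of the original thread and not net-repl's own code. The whitelist contents and the names `allowed`, `make-restricted-namespace` and `restricted-net-repl-eval` are hypothetical. It restricts which identifiers resolve, not time or memory use, which the sandbox library linked above addresses.

```racket
#lang racket/base
;; Added example. Only the procedures listed here are visible to the remote
;; user (constructed whitelist; all names below are hypothetical).
(define allowed
  (list (cons '+ +)
        (cons 'string-append string-append)
        (cons 'server-time current-seconds)))

(define (make-restricted-namespace)
  ;; racket/base is attached but NOT required, so nothing is bound yet.
  (define ns (make-base-empty-namespace))
  (parameterize ([current-namespace ns])
    ;; Import only the core forms needed to expand applications, literals and
    ;; variable references. No `require`, `define`, `lambda`, `eval`, ...
    (namespace-require '(only racket/base #%app #%datum #%top #%top-interaction))
    (for ([p (in-list allowed)])
      (namespace-set-variable-value! (car p) (cdr p) #t)))
  ns)

;; Same shape as net-repl-eval: the previous eval handler is captured before
;; this procedure is installed, so calling it does not recurse.
(define (restricted-net-repl-eval ns)
  (let ([eval-handler (current-eval)])
    (lambda (exit)
      (lambda (expr)
        ;; Strip any lexical context the server-side REPL already attached,
        ;; so that every name is resolved in `ns` and nowhere else.
        (define datum (if (syntax? expr) (syntax->datum expr) expr))
        (if (equal? datum '(#%top-interaction close))
            (exit)
            (parameterize ([current-namespace ns])
              (eval-handler
               (namespace-syntax-introduce (datum->syntax #f datum)))))))))

;; Demo on constructed input: one allowed call, two rejected ones, then close.
(define ev ((restricted-net-repl-eval (make-restricted-namespace))
            (lambda () 'closed)))

(define (try expr) ; report errors instead of stopping the demo
  (with-handlers ([exn:fail? (lambda (e) (list 'rejected (exn-message e)))])
    (ev expr)))

(for ([e (in-list '((#%top-interaction string-append "a" "b")
                    (#%top-interaction delete-file "/tmp/x")
                    (#%top-interaction require racket/system)
                    (#%top-interaction close)))])
  (printf "~s => ~s\n" e (try e)))
```

Anything not in the whitelist, including `require` itself, is an unbound top-level variable in this namespace, so the second and third requests fail with an undefined-identifier error before any procedure is applied.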