[racket] What are sandboxes used for?

From: Nadeem Abdul Hamid (nadeem at acm.org)
Date: Sun Feb 12 00:05:11 EST 2012

One context where they are useful: When students in my course submit
their programs, I would like to use a program of my own to
automatically load, run, and test their programs. So I need to be able
to dynamically load their program files from my running program, and
then I want to execute and interact with their programs (by calling
functions for example, and examining the returned result to make sure
it is what it should be) - but without bad behavior in their programs
(such as a runtime error, infinite loop, etc.) affecting the ability
of my program to operate. So, what I do is set up a "sandbox" - an
isolated interpreter basically - into which their program file can be
loaded and then I can kind of poke at their programs and examine them
in a safe manner.

In general, any scenario where you need to dynamically load
*untrusted* code might be a situation where you would want to use a
sandbox to isolate that code from your program and yet still be able
to interact with it to some degree. If all you wanted to do was
dynamically load code that you trust (i.e. you wrote yourself, or
trust the source), then instead of a sandbox there are other
mechanisms to do that more directly (things like 'eval',
'dynamic-require', 'load', etc.)

I hope that helps some...

--- nadeem

On Sat, Feb 11, 2012 at 11:46 PM, Harry Spier <vasishtha.spier at gmail.com> wrote:
> Would it be possible for someone to briefly explain what sandboxes are
> used for?  The documentation Racket Reference 13.11 explains what they
> do, but could someone explain where you would use them?
>
> Thanks,
> Harry Spier


Posted on the users mailing list.
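
The grading scenario described in the message above, as an added example that is not part of the original post: a grader built on racket/sandbox that calls functions in a submission and keeps running when one of them loops forever or raises an error. The submission, the `check` helper, and the 2-second / 20 MB limits are assumptions made for the illustration.

```racket
#lang racket
(require racket/sandbox)

;; Constructed sample submission, given inline as a module form so the
;; example is self-contained.
(define submission
  '(module submission racket/base
     (define (fact n) (if (zero? n) 1 (* n (fact (sub1 n)))))
     (define (spin) (spin))          ; never returns
     (define (boom) (car '()))))     ; raises a runtime error

;; Every evaluation in this sandbox is limited to 2 seconds and 20 MB
;; (values chosen for this example). The sandbox's default configuration
;; also restricts file and network access from the evaluated code.
(define student
  (parameterize ([sandbox-eval-limits '(2 20)])
    (make-module-evaluator submission)))

;; check : string s-expression any -> void
;; Evaluates expr inside the sandbox and reports pass, fail, a resource
;; limit that was hit, or the error the student's code raised.
(define (check label expr expected)
  (define outcome
    (with-handlers ([exn:fail:resource?
                     (lambda (e)
                       (list 'limit (exn:fail:resource-resource e)))]
                    [exn:fail?
                     (lambda (e) (list 'error (exn-message e)))])
      (if (equal? (student expr) expected) 'pass 'fail)))
  (printf "~a: ~s\n" label outcome))

(check "fact 5" '(fact 5) 120)
(check "boom"   '(boom)   'unused)   ; error is caught by the grader
(check "spin"   '(spin)   'unused)   ; stopped by the time limit
(check "fact 0" '(fact 0) 1)         ; grader is still running

(kill-evaluator student)
```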