[racket] What are sandboxes used for?

From: Eli Barzilay (eli at barzilay.org)
Date: Sun Feb 12 00:38:30 EST 2012

20 minutes ago, Nadeem Abdul Hamid wrote:
> In general, any scenario where you need to dynamically load
> *untrusted* code might be a situation where you would want to use a
> sandbox to isolate that code from your program and yet still be able
> to interact with it to some degree. If all you wanted to do was
> dynamically load code that you trust (i.e. you wrote yourself, or
> trust the source), then instead of a sandbox there are other
> mechanisms to do that more directly (things like 'eval',
> 'dynamic-require', 'load', etc.)

Security is of course the main use of sandbox, but the isolation
aspect is important too.  For example, you want to run some code and
make sure that it has a "clean" environment and that it cannot
interact with your own environment.  It's true that there are all of
these tools -- like creating a new namespace to evaluate the code,
wrapping the code in a new custodian, diverting its IO, etc -- and the
sandbox library is basically doing all of that.  For an example,
consider DrRacket running your code[*].  The
`call-with-trusted-sandbox-configuration' function encapsulates a
sandbox configuration for such cases.

([*] It's not using the sandbox library, but that's mostly because
it's older.)

          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                    http://barzilay.org/                   Maze is Life!

Posted on the users mailing list.
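The post above describes what the sandbox library bundles: a fresh namespace, a separate custodian, diverted I/O and resource limits. The following is an added example, not code from the mailing-list post or from Racket's own documentation, showing those pieces through `racket/sandbox`'s `make-evaluator`. The three "untrusted" snippets, the `/etc/hostname` path and the 2 s / 16 MB limits are constructed for illustration.

```racket
#lang racket/base
;; Added example (not from the post): isolating untrusted code with
;; racket/sandbox. Each evaluator gets its own namespace, custodian and
;; I/O ports, and each evaluation is bounded by sandbox-eval-limits.
(require racket/sandbox)

;; Constructed sample of "untrusted" forms: a harmless expression, an
;; attempt to read a file outside the sandbox's allowed paths, and a
;; loop that never terminates.
(define untrusted-snippets
  '((+ 1 2)
    (with-input-from-file "/etc/hostname" read-line)
    (let loop () (loop))))

;; Evaluate one form in a fresh sandbox and report the outcome as a
;; tagged list: (ok value captured-output), (resource-limit msg) or
;; (error msg). The evaluator is always killed afterwards, which shuts
;; down its custodian and everything it created.
(define (run-untrusted form)
  (define ev
    (parameterize ([sandbox-output 'string]        ; capture stdout
                   [sandbox-error-output 'string]  ; capture stderr
                   [sandbox-eval-limits '(2 16)])  ; 2 s CPU, 16 MB
      (make-evaluator 'racket/base)))
  (dynamic-wind
    void
    (lambda ()
      (with-handlers ([exn:fail:resource?
                       (lambda (e) (list 'resource-limit (exn-message e)))]
                      [exn:fail?
                       (lambda (e) (list 'error (exn-message e)))])
        (list 'ok (ev form) (get-output ev))))
    (lambda () (kill-evaluator ev))))

(for ([form untrusted-snippets])
  (printf "~s => ~s\n" form (run-untrusted form)))
```

With the default `sandbox-path-permissions`, the sandbox may only read the collection paths it needs, so the file read is rejected by the sandbox's security guard and surfaces as an `error`; the infinite loop is cut off by the time limit and reported as a `resource-limit`. For code you do trust, the post's `call-with-trusted-sandbox-configuration` wraps evaluator creation in a configuration that lifts those restrictions while keeping the namespace and custodian isolation.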