[racket] Handin Server + PLAI problem

From: Robby Findler (robby at eecs.northwestern.edu)
Date: Sat Jan 14 19:30:37 EST 2012

This is the correct example.

#lang racket/base
(define ns (make-base-namespace))

(parameterize ([current-namespace ns]
                 (λ (name path what)
                   (when (and (memq 'exists what)
                              (eq? name 'current-directory))
                     (printf "security guard: ~s ~s ~s\n" name path what)
                     (for ([x (in-list (continuation-mark-set->context
                       (printf "  ~s\n" x))
                     (printf "---\n")))
  (eval '(module c racket
           (variable-reference->module-source (#%variable-reference))))
  (eval '(require 'c)))

On Sat, Jan 14, 2012 at 5:52 PM, Eli Barzilay <eli at barzilay.org> wrote:
> 10 minutes ago, Robby Findler wrote:
>> Does variable-reference->module-source use current-directory?
>> If so, that'd explain this. (And either it would have to change or
>> the handin-server/sandbox would have to.)
> It looks like it does -- running the code below shows
>   >>> (find-system-path #f (exists))
>   >>> (find-system-path #f (exists))
> But the security guard that the sandbox installs allows "pathless
> queries" where the path is `#f'.  Perhaps it's some code that uses the
> resulting path?  (But that would be the path of the module, which
> should be allowed, not the current directory.)
> This is the code I tried:
>  #lang racket
>  (define-namespace-anchor a)
>  (define ns (namespace-anchor->namespace a))
>  (parameterize ([current-security-guard
>                  (make-security-guard
>                   (current-security-guard)
>                   (lambda (what path modes)
>                     (eprintf ">>> ~s\n" `(,what ,path ,modes)))
>                   void)])
>    (eval '(variable-reference->module-source (#%variable-reference))
>          ns))
> --
>          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
>                    http://barzilay.org/                   Maze is Life!

Posted on the users mailing list.