[racket] Sandbox needs to access preferences? Why?

From: Jordan Johnson (jmj at fellowhuman.com)
Date: Wed Mar 14 03:39:48 EDT 2012

On Mar 13, 2012, at 1:48 PM, Robby Findler wrote:
> Do you get a stacktrace with the error?

No -- since errors are being caught by the handin server, I assume -- but I've narrowed it down a bit by now and can offer some more specifics:  In

  (parameterize ([sandbox-namespace-specs
                  (list make-base-namespace 'hw/solutions)])
    ...create two evaluators...)

I was neglecting to include '2htdp/image in the namespace specs list, and adding it eliminated the error message about accessing preferences.  I also found, in experimenting, that
  * creating either one of the two evaluators alone is sufficient to trigger the error -- make-evaluator/submission and make-module-evaluator behave the same in this regard.
  * it does not matter whether '2htdp/image is included in the allow-read list passed to either of the make-evaluator functions.

In any case, I seem to have found my fix for the moment, but if I can help you track down where that obscure error message originated and why, let me know and I'll be glad to.

Incidentally, separate from the concern of my initial post: In the body of that (parameterize ...) expression, I found I have to create the second evaluator thus:
  (make-module-evaluator (build-path asg-dir "solution.rkt") #:allow-read '(hw/solutions))
where hw is a collection I have linked to a directory (via raco link).  If I omit the #:allow-read as I did originally (quoted below), I get this error in the server log and via the client UI:

  ERROR: file-exists?: `exists' access denied for /<path to hw collection>/solutions.rkt

I would rather not expose my system pathnames to the end users, so I assume the best way is to catch this kind of error explicitly in the code that creates the evaluators.  (In addition to doing the right thing by including the #:allow-read, of course; I realized, while testing, that the student can trigger this message if they (require...) my library name from their file.)  Does that sound about right?

My effort here is aimed at building a little framework whereby I can write up the assignment solution in a file separate from the checker, and use my solution in checking student code.  I'd like a checker file to specify the logic of how I want *most or all* assignments graded, so they're largely the same from assignment to assignment, while the assignment-specific required-names info and test cases can reside with my solution code -- the code that any changes to the assignment would affect directly.  I'll let you all know when I get it to a point of sufficient robustness & utility to be worth sharing.  Thanks for your help.

Best,
jmj

> 
> Robby
> 
> On Tue, Mar 13, 2012 at 3:06 PM, Jordan Johnson <jmj at fellowhuman.com> wrote:
>> Hi all,
>> 
>> I'm trying to write a checker script for the handin server (which is running on my Mac), and when I try handing an assignment in to it, I am getting the error that read access to my preferences file is denied:
>> 
>>  ERROR: file-or-directory-modify-seconds: 'read' access denied for
>>    /Users/myusername/Library/Preferences/org.racket-lang.prefs.rktd
>> 
>> In the checker I am creating two evaluators, one using make-evaluator/submission and the other using make-module-evaluator.  I have determined that this definition is provoking the error:
>> ;;
>> (define-values (asg-eval solution-eval)
>>          (parameterize ([sandbox-namespace-specs
>>                           (list make-base-namespace 'hw/solutions)])
>>            (values
>>             (make-evaluator/submission
>>              '(special intermediate)
>>              '()
>>              submission)
>>             (make-module-evaluator (build-path asg-dir "solution.rkt")))))
>> ;;
>> 
>> submission is bound by the handin server's check: macro, and asg-dir is defined thus:
>> (define asg-dir (build-path server-dir "my-handin-directory-here"))
>> where server-dir is also provided by the handin server.  solution.rkt is a file I have written in ISL, which depends only on 2htdp/image and a library I've linked as hw/solutions.
>> 
>> Can you identify what may be triggering the attempt to read preferences, and how I can either avoid it or grant appropriate read permissions?  Thanks...
>> 
>> Best,
>> Jordan



Posted on the users mailing list.
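
The approach raised in the message above (catching the access-denied error where the evaluators are created, so that server pathnames stay out of what the student sees), as an added example that is not part of the original post or of the handin server's code. The helper name `make-evaluator/quiet`, the wording of its message, and the path inside `leaky-module` are hypothetical, chosen for illustration.

```racket
#lang racket/base
;; Added example, not from the original thread.  `make-evaluator/quiet` and
;; the path in `leaky-module` are hypothetical/constructed for illustration.
(require racket/sandbox)

;; Call `make-thunk`, which is expected to create a sandbox evaluator.
;; If creation fails, write the full message (paths included) to the
;; server-side log and raise a fixed message that names no file or directory.
(define (make-evaluator/quiet what make-thunk)
  (with-handlers ([exn:fail?
                   (lambda (e)
                     (log-error (format "checker: ~a failed: ~a"
                                        what (exn-message e)))
                     (error 'checker
                            "could not set up ~a; please tell the instructor"
                            what))])
    (make-thunk)))

;; Constructed stand-in for a solution module that touches a file outside
;; the sandbox's permitted paths while it is being instantiated.
(define leaky-module
  '(module solution racket/base
     (file-exists? "/constructed/private/hw/solutions.rkt")))

;; Demo: returns the message a caller (and so the student) would see.
(define (demo)
  (with-handlers ([exn:fail? exn-message])
    (make-evaluator/quiet "the reference solution"
                          (lambda () (make-module-evaluator leaky-module)))
    "evaluator created"))

(module+ main
  (displayln (demo)))
```

In a checker, the same wrapper would go around each evaluator-creating call inside the (parameterize ...) body, with the #:allow-read list still supplied so that the legitimate case succeeds.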