[racket-dev] sandbox and file-/directory-existence tests

From: Sam Tobin-Hochstadt (samth at cs.indiana.edu)
Date: Mon Aug 19 16:39:06 EDT 2013

On Mon, Aug 19, 2013 at 4:34 PM, Matthew Flatt <mflatt at cs.utah.edu> wrote:
> Is there a situation where allowing an arbitrary file- or
> directory-existence test would be bad?

This all depends on how paranoid we want to be.  There are certainly
situations when this will be bad -- it lets you determine who else has
an account on a computer, for example.  But there are contexts where
having GC be observable is a security hole as well, so we have to pick
a spot on the continuum.


Posted on the dev mailing list.