[plt-scheme] Copying bindings between namespaces

From: Timo Lilja (tlilja at niksula.cs.hut.fi)
Date: Wed Aug 21 08:34:59 EDT 2002

I'm trying to write a safe sandbox to run untrusted code with
MzScheme. The general idea is to have an empty namespace and copy
certain bindings from MzScheme's normal namespace to it. I would leave
all I/O-primitives and other unnecessary (and possibly dangerous)
primitives out. 

How is this done with the new MzScheme (>=v201)? In v103 I could write:

;; v103 version: look up `item` in `from-space`, then define it under the
;; same name in `to-space` (global-defined-value is a getter with one
;; argument and a setter with two).
(define (eval:copy-item from-space item to-space)
  (parameterize ((current-namespace to-space))
    (global-defined-value item
                          (parameterize ((current-namespace from-space))
                            (global-defined-value item)))))

But there's no 'global-defined-value' in the new MzScheme.

So, I guess I could use 'namespace-variable-value' and
'namespace-set-variable-value!', but these work only for variables. Is
there a way to copy syntactic bindings (e.g., if, cond, lambda) in
MzScheme v201?

It would be nice if there was something similar to the old
'global-defined-value' or something like 'namespace-syntax-value' and
'namespace-set-syntax-value!'.

I've read about the new macro system and I think that I could use it
somehow to do the job, but it seems a bit too complex a solution for
this task.

Another problem: Just copying certain selected primitives to a new
environment is hardly enough for a safe sandbox. If I have a piece of
code that goes into an infinite loop, I would need a way to terminate
it. One way is to use threads or some kind of OS support (e.g., ulimit)
to kill MzScheme if it has been running too long.

I think that a better approach would be to have some kind of procedure
call counter that would terminate the program if it has exceeded its
maximum number of procedure calls.

Is there a way to do this in MzScheme? I mean, can I somehow change
the primitive apply so that it would count the number of applications
and terminate the evaluation process if the number exceeded a certain
fixed limit?


-- 
Timo Lilja
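The two problems raised in the post (importing syntactic bindings such as if/cond/lambda into a fresh namespace, and stopping code that never terminates) map onto a module import plus a resource limit in the current Racket API, which succeeded MzScheme. The following is an added example written by the editor against modern Racket, not code from the original post or from the MzScheme v201 of 2002; it assumes racket/base exports the listed names (including #%app, #%datum and #%top, which the expander needs in any namespace) and that racket/sandbox provides call-with-limits and exn:fail:resource?. Importing a module's bindings with a restricted `only` spec copies syntax and variables alike, so no per-binding copy loop is needed; the runaway computation is cut off by a CPU-time and memory limit rather than by a patched apply with a call counter.

```racket
#lang racket/base
;; Added example (not from the original post): a whitelist namespace plus a
;; hard execution limit, using modern Racket's API (assumed, not MzScheme v201).
(require racket/sandbox)

;; Bindings the sandbox may see. The three #% names are required by the
;; expander for applications, literals and top-level references; nothing
;; that performs I/O is listed.
(define allowed
  '(#%app #%datum #%top
    if cond lambda let letrec define quote
    + - * / = < > car cdr cons list null? pair?))

;; An empty namespace with only the whitelisted racket/base bindings
;; imported. Because this is a module import rather than a value copy,
;; syntactic forms (if, cond, lambda, let) come across together with
;; procedures.
(define (make-restricted-namespace)
  (define ns (make-base-empty-namespace))
  (parameterize ([current-namespace ns])
    (namespace-require (list* 'only 'racket/base allowed)))
  ns)

;; Evaluate `form` in a fresh restricted namespace, giving up after `secs`
;; seconds of CPU time or `mb` megabytes of allocation. call-with-limits
;; raises exn:fail:resource on a breach, reported here as 'resource-limit;
;; any other failure (e.g. an unbound, non-whitelisted name) is reported
;; as (error <message>).
(define (sandbox-eval form #:seconds [secs 1] #:mb [mb 16])
  (define ns (make-restricted-namespace))
  (with-handlers ([exn:fail:resource? (lambda (e) 'resource-limit)]
                  [exn:fail? (lambda (e) (list 'error (exn-message e)))])
    (call-with-limits secs mb
      (lambda ()
        (parameterize ([current-namespace ns])
          (eval form))))))

(module+ main
  ;; Syntactic forms imported from racket/base work: evaluates to 42.
  (displayln (sandbox-eval '((lambda (x) (if (> x 1) (* x 2) x)) 21)))
  ;; display is not whitelisted, so the reference fails as an unbound name.
  (displayln (sandbox-eval '(display "hello")))
  ;; A non-terminating loop is stopped by the time limit.
  (displayln (sandbox-eval '(letrec ([spin (lambda () (spin))]) (spin)))))
```

The time limit covers the poster's infinite-loop case without touching apply; a call counter would not catch a loop written with a primitive that never returns, whereas CPU time and memory limits bound any computation in the namespace. The namespace is rebuilt for every evaluation so that definitions left behind by one piece of untrusted code do not leak into the next.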




Posted on the users mailing list.