[plt-scheme] Copying bindings between namespaces

From: Matthew Flatt (mflatt at cs.utah.edu)
Date: Mon Sep 16 08:09:44 EDT 2002

At Fri, 13 Sep 2002 18:58:02 +0300, Timo Lilja wrote:
>   For list-related administrative tasks:
>     http://list.cs.brown.edu/mailman/listinfo/plt-scheme
> 
> Matthew Flatt <mflatt at cs.utah.edu> writes:
> 
> >
> >At Thu, 22 Aug 2002 14:02:46 +0300, Timo Lilja wrote:
> >> I'm trying to write a safe sandbox to run untrusted code with
> >> MzScheme. The general idea is to have an empty namespace and copy
> >> certain bindings from MzScheme's normal namespace to it. I would leave
> >> all I/O-primitives and other unnecessary (and possibly dangerous)
> >> primitives out. 
> >
> >Shriram mentioned the `module' system. If you're willing to pick by
> >hand every primitive and form for your language, that may well be the
> >right path.
> 
> I looked into this module system and couldn't really figure out how to
> use it. I tried something like this:
> 
> First let's create a module which contains the forms I want:
> 
> (module my-primitives mzscheme
>   (provide +)
>   (provide #%module-begin)
>   (provide #%app)
>   (provide #%datum)
>   (provide #%top)
>   (provide define)
>   (provide provide))
> 
> And this has to be required:
> 
> (require my-primitives)
> 
> Now I can create another module which uses 'my-primitives' and thus
> contains only the needed forms and primitives:
> 
> (module my-eval-module my-primitives
>   (define result <untrusted code here>)
>   (provide result))
> 
> After this, I require 'my-eval-module' and get the evaluation result
> from the variable 'result'. So it seems that this would need a macro
> wrapped to the code above but I can't do this because module
> declarations can appear only at the top level or am I missing
> something here?

If you don't want the untrusted code to have to be in `module' form
already, you can put your bindings into a namespace so that the
untrusted code can be a top-level expression.

Something like this:

 (let ([n (make-namespace 'empty)])            ; a namespace with no bindings at all
   (parameterize ([current-namespace n])
     ;; bring in only the whitelisted module; nothing else is reachable
     (namespace-require '(lib "my-primitives.ss" "my-primitives"))
     (eval untrusted-s-exp)))

Matthew
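The namespace approach Matthew sketches, written out in modern Racket as an added example (this is not code from the thread; in 2002 MzScheme the whitelist module would live in a collection file, reached as `(lib "my-primitives.ss" "my-primitives")`). It declares the whitelist module, evaluates untrusted s-expressions in an otherwise empty namespace that has only that module required, and shows that a reference to an I/O primitive outside the whitelist fails. The names `decl-ns`, `make-sandbox-namespace` and `run-untrusted` and the sample inputs are my own.

```racket
#lang racket/base
;; Added example, not part of the original mailing-list post.

;; A throwaway namespace with racket/base, used only to *declare* the
;; whitelist module (the equivalent of Timo's my-primitives collection).
(define decl-ns (make-base-namespace))

(parameterize ([current-namespace decl-ns])
  (eval '(module my-primitives racket/base
           ;; Only arithmetic, `define`, and the core forms a top-level
           ;; expression needs to expand. No I/O, no `require`, no `eval`.
           (provide + - * / define #%app #%datum #%top)))
  ;; Instantiate it here so its instance can be attached elsewhere.
  (dynamic-require ''my-primitives #f))

;; A fresh, empty namespace per run: the only bindings at its top level
;; are the ones `my-primitives` provides. Attaching (rather than loading)
;; shares the already-instantiated module with the new namespace.
(define (make-sandbox-namespace)
  (define ns (make-empty-namespace))
  (namespace-attach-module decl-ns ''my-primitives ns)
  (parameterize ([current-namespace ns])
    (namespace-require ''my-primitives))
  ns)

;; Evaluate a list of untrusted top-level forms in one sandbox namespace.
;; Returns the value of the last form, or the error message when the
;; code reaches for something the whitelist does not provide.
(define (run-untrusted forms)
  (with-handlers ([exn:fail? (lambda (e) (exn-message e))])
    (parameterize ([current-namespace (make-sandbox-namespace)])
      (for/last ([form (in-list forms)])
        (eval form)))))

;; Constructed inputs for illustration.
(run-untrusted '((define x 20) (+ x (* 2 11))))              ; arithmetic and define work
(run-untrusted '((open-output-file "/tmp/sandbox-escape")))  ; fails: open-output-file is unbound
(run-untrusted '((require racket/base) (current-directory))) ; fails: require is not whitelisted
```

Two caveats a practitioner would want. First, the whitelist is a binding-level control only: it stops untrusted code from naming `open-output-file`, but it does nothing about a form that loops forever or allocates without bound, so a real deployment still needs time and memory limits (in current Racket, `racket/sandbox` wraps this same namespace technique in an evaluator with those limits). Second, every binding that is exported has to be audited as a whole: a single primitive such as `eval` or `dynamic-require` on the provide list would hand back everything the empty namespace was meant to take away.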




Posted on the users mailing list.