[plt-scheme] Insecure procedures

From: Don Felgar (dfelgar at rainier-infosys.com)
Date: Tue Aug 17 19:21:02 EDT 2004

> > The is true in varying degrees with require, load, open-input-file
> > and anything else I haven't thought of.
> Well, all of these can basically open a file and read it.  If you
> prevent reading certain files, then load and open-input-file should be
> impossible.  You might want to also inspect the path argument and
> forbidding access to some parts of the file system.

Well all right then.

> It's pretty ancient, so I had a quick pass to make sure that it
> works with v208.  What it does is run a Scheme server, letting
> people connect and use it, where each connection gets its own
> "shell".  There are some shell commands (like pwd, cs, ls, rm) and
> ways to run stuff in the background (if an evaluation take a while,
> you can press C-z and it gets backgrounded).  There is also a "say"
> command that everyone connected sees, and my plan was to make it
> possible to create any object (like a closure) and hand it over to
> some other connected user which will get to use it.
>   http://barzilay.org/tmp/rscheme.ss
> (This is unrelated to R-Scheme.)

How funny, I wrote largely the same program in C years ago to control
Windows boxes in a lab.

Thanks for your help.


Posted on the users mailing list.