[plt-scheme] Sandboxing and modules
Hello,
I'm trying to make a sandbox for running some untrusted user code. I
tried by declaring a module that provides a subset of the mzscheme module,
then namespace-requiring it. This worked fine. Like this:
---
(module safe-scheme mzscheme
  (provide do if #%app ...)) ; a long list
(let ((ns (make-namespace 'empty))
      (ins (current-namespace)))
  (parameterize ((current-namespace ns))
    (namespace-attach-module ins 'mzscheme)
    (namespace-require 'safe-scheme)
    ; eval something safely
    ))
---
But then I wanted to also define a bit more relaxed sandbox. I didn't want to
have another long list of provides so I tried to extend the safe-scheme
module. What I tried was this:
---
(module less-safe-scheme mzscheme
  ; provide all in safe-scheme
  (require safe-scheme)
  (provide (all-from safe-scheme))
  ; provide some more
  (provide read-eval-print-loop ...))
---
The problem is, that does not compute. I cannot (require safe-scheme) because
of duplicate names between it and mzscheme. I cannot use safe-scheme as the
initial required module as it does not include provide, #%module-begin et al.
I cannot use (require (prefix safe: safe-scheme)) because (provide (all-from
safe-scheme)) then uses the local prefixed name, which is not what I want.
Is this a good way of sandboxing in PLT-Scheme? Any ideas how to solve this
problem?
--- Markku Rontu --------------------------------- 12:21. Sat Feb 7, 2004 ---
E-mail markku.rontu at hut.fi - WWW www.hut.fi/~mrontu/ - GSM +358503822310
------------------------------------------------------------------------------
"Anger is a blue sea."
-------------------- Ambassador Kosh of the Vorlon Empire --------------------