[plt-scheme] Is read safe for untrusted data?
At Fri, 05 Aug 2005 15:18:28 +0200, Jens Axel Søgaard wrote:
> Robby Findler wrote:
> > Read will not do any evaluation, but might allocate an arbitrary amount
> > of memory. You can use the 3m collectors with custodian-limit-memory to
> > control this, or you might use read-bytes-avail and friends to limit
> > the amount of data you read.
>
> Jepri, see <http://schemecookbook.org/view/Cookbook/DynamicUntrustedEval>
> for how to evaluate an expression from an untrusted source.
Depending on what you expect of the code, there is a lot more that can
go wrong than network and file access. You might want to check out this
paper for some of the things that can go wrong:
http://www.ccs.neu.edu/scheme/pubs/#icfp99-ffkf
Robby
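
The two limits suggested in the quoted reply above (capping the bytes read and capping memory with `custodian-limit-memory`), as an added example that is not part of the original thread. It assumes a current Racket build with memory accounting; `read-untrusted`, `MAX-BYTES` and `MAX-MEMORY` are hypothetical names and values, and the inputs are constructed.

```racket
#lang racket/base
;; Added example (not from the thread): bounded `read` of untrusted input.
(require racket/port)

(define MAX-BYTES (* 64 1024))          ; assumed cap on input size
(define MAX-MEMORY (* 32 1024 1024))    ; assumed cap on allocation

;; Reads one datum from `in`. Returns the datum, or #f if the input was
;; malformed, exceeded MAX-BYTES, or the reader was shut down for memory use.
(define (read-untrusted in)
  (define cust (make-custodian))
  (define result-ch (make-channel))
  ;; Shut down `cust` (killing the reader thread) once the memory
  ;; charged to it exceeds MAX-MEMORY.
  (custodian-limit-memory cust MAX-MEMORY)
  (define worker
    (parameterize ([current-custodian cust])
      (thread
       (lambda ()
         ;; Present at most MAX-BYTES of `in`; past that, `read` sees EOF.
         (define limited (make-limited-input-port in MAX-BYTES #f))
         (define v
           (with-handlers ([exn:fail? (lambda (e) #f)])
             ;; Refuse #reader, #lang and compiled-code forms so that
             ;; reading stays pure data parsing.
             (parameterize ([read-accept-reader #f]
                            [read-accept-lang #f]
                            [read-accept-compiled #f])
               (read limited))))
         (channel-put result-ch v)))))
  ;; Either the worker delivers a value or it dies (custodian shutdown).
  (define v
    (sync result-ch
          (wrap-evt (thread-dead-evt worker) (lambda (_) #f))))
  (custodian-shutdown-all cust)
  v)

;; Constructed sample inputs: a small well-formed datum, then 128 KiB
;; of "(" (byte 40), which is cut off at MAX-BYTES and rejected.
(read-untrusted (open-input-string "(user \"jepri\" (roles admin))"))
(read-untrusted (open-input-bytes (make-bytes (* 2 MAX-BYTES) 40)))
```

The byte cap bounds how much input the reader sees, while the custodian limit bounds what it can allocate while parsing it; neither makes it safe to `eval` the result.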