[plt-scheme] How to execute eval from a network udp socket?

From: Eli Barzilay (eli at barzilay.org)
Date: Wed Jul 1 16:33:30 EDT 2009

On Jul  1, Grant Rettke wrote:
> On Tue, Jun 30, 2009 at 11:27 PM, Richard Cleis<rcleis at mac.com> wrote:
> > Why is it so evil to depend on the top level name space,
> > especially for launching things like servers?  This module works
> > fine with netcat (although I would include exception handlers etc
> > if I knew the goal of this):
> 
> It isn't evil.

No it isn't.  However, the bottom line is that people jump onto `eval'
way too quickly.  (And that includes all languages with some `eval',
Scheme is overall better since the general approach is to suspect uses
of eval rather than encourage them.)

Here's my rule of thumb regarding when to use eval:

  Q: Should I use `eval'?
  A: No.

Alternatively, take this as a meta-FAQ:

  Q: Someone has asked me if s/he should use `eval', what should I
     say?
  A: Just say no.

The motivation behind these is that if you're asking whether you
should use it -- then you probably don't know enough to use it, and
you shouldn't.

There are, of course, cases where you should use it -- for example,
the OP might have a goal of a UDP-based repl to a process running on a
remote machine.  In such cases it's very obvious that you should use
eval.  If it's not obvious, then it shouldn't be used.

(And then there are the more rare cases of people who know they should
use eval, but don't know how -- those cases are less problematic,
since if you know the issues with it, then you'd expect it to not come
easily.)


> Namespaces are nicer if you want to control your environment, disallow
> 'exit' for example in the server code.

No, that's a bad advice for getting "security".  It's one of *many*
different ways to kill scheme (for example, you could use the exit
handler directly, tweak the error and uncaught exception handlers,
kill the current thread, shut the current custodian, run an infinite
loop, deadlock the thread, require `scheme/foreign' and dereference
random numbers, grab memory in a loop, run subprocesses in a loop, run
`system' with some "rm -rf /", open random files until the process
runs out of FDs, or flood IO, to name just a few).

-- 
          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                    http://barzilay.org/                   Maze is Life!


Posted on the users mailing list.