[racket] Limiting net-repl provided functions

From: Jukka Tuominen (jukka.tuominen at finndesign.fi)
Date: Tue Jun 28 02:13:56 EDT 2011

I made a simplified test case (below), even left out the net-repl part in
the belief that replacing the eval with sb-eval will do the trick in the end. I
have the module structure as intended, but still can't figure out how to
give it as an input to the sandbox evaluator. The documentation is there,
but a few more examples could make it easier to comprehend, especially when
not using built-in modules.

br, jukka

---

;XXX sb-test.rkt XXX
#lang racket

(require racket/sandbox)
(require "sb-functions.rkt")


;(define sb-eval (make-evaluator 'racket/base))
(define sb-eval (make-evaluator ... "sb-functions.rkt" ... ));?

;; these are ok
;(f1) ;bound
;(f2) ;bound
;(f3) ;bound
;(f4) ;unbound
;(f5) ;unbound
;(f6) ;unbound

;; intended sandbox bindings
;(sb-eval 'f1) ;bound
;(sb-eval 'f2) ;bound
;(sb-eval 'f3) ;bound
;(sb-eval 'f4) ;unbound
;(sb-eval 'f5) ;unbound
;(sb-eval 'f6) ;unbound
;(sb-eval 'cdr) ;unbound


;XXX sb-functions.rkt XXX

(module sb-functions scheme

  (require "sb-functions-extra.rkt")
  (provide f1 f2 f3)

  (define f1 (lambda () "F-one"))
  (define f2 (lambda () "F-two"))
  (define f3 f5) ; f5 from sb-functions-extra.rkt
  (define f4 (lambda () "F-four")) ; not provided!
  )


;XXX sb-functions-extra.rkt XXX

(module sb-functions-extra scheme

  (provide f5)

  (define f5 (lambda () "F-five"))
  (define f6 (lambda () "F-six")) ; not provided
  )

---

> -----Original Message-----
> From: samth0 at gmail.com [mailto:samth0 at gmail.com]On Behalf Of Sam
> Tobin-Hochstadt
> Sent: 27 June 2011 17:40
> To: Jukka Tuominen
> Cc: users at racket-lang.org
> Subject: Re: [racket] Limiting net-repl provided functions
>
>
> On Mon, Jun 27, 2011 at 10:08 AM, Jukka Tuominen
> <jukka.tuominen at finndesign.fi> wrote:
> >
> > So, once I hopefully have it working locally, how do I apply it into the
> > net-repl server? I think the following is the correct definition to be
> > tweaked (non-modified from net-repl). Do I add the sandbox-environment to
> > evals or something?
> >
> >  (define net-repl-eval
> >    (let ([eval (current-eval)])
>
> You'll want to construct a sandboxed evaluator here, perhaps using
> `current-eval'.  But more likely, you don't need `current-eval' at
> all.  To create a sandbox, do something like this:
>
> (require racket/sandbox)
> (make-evaluator 'racket/base)
>
> That produces a procedure that works like `eval', but in a new sandbox
> that only has access to `racket/base'.
>
> >      (lambda (exit)
> >        (lambda (expr)
> >          (if (equal?
> >               (if (syntax? expr)
> >                   (syntax-object->datum expr)
> >                   expr)
> >               '(#%top-interaction close))
> >              (exit)
> >              (eval expr))))))
> >
> >
> > br, jukka
> >
> >
> >> -----Original Message-----
> >> From: samth0 at gmail.com [mailto:samth0 at gmail.com]On Behalf Of Sam
> >> Tobin-Hochstadt
> >> Sent: 27 June 2011 16:53
> >> To: Jukka Tuominen
> >> Cc: users at racket-lang.org
> >> Subject: Re: [racket] Limiting net-repl provided functions
> >>
> >>
> >> On Mon, Jun 27, 2011 at 9:48 AM, Jukka Tuominen
> >> <jukka.tuominen at finndesign.fi> wrote:
> >> > BTW, 'secure' in this context may mean allowing even critical
> >> > system calls (say format harddisk), if so specified. But the user
> >> > should not be able to do anything else than specified.
> >>
> >> The `sandbox' infrastructure is fairly flexible.  Just by constructing
> >> a namespace and doing the `eval' in that namespace, you'll be able to
> >> restrict which identifiers the remote user can refer to.  If those are
> >> very limited, that might be enough for security.
> >>
> >> >> -----Original Message-----
> >> >> From: samth0 at gmail.com [mailto:samth0 at gmail.com]On Behalf Of Sam
> >> >> Tobin-Hochstadt
> >> >> Sent: 27 June 2011 16:10
> >> >> To: Jukka Tuominen
> >> >> Cc: users at racket-lang.org
> >> >> Subject: Re: [racket] Limiting net-repl provided functions
> >> >>
> >> >>
> >> >> On Mon, Jun 27, 2011 at 8:48 AM, Jukka Tuominen
> >> >> <jukka.tuominen at finndesign.fi> wrote:
> >> >> >
> >> >> > The basic client/server functionality is already working, but
> >> >> > it's too big a security risk outside LAN use. It seems to be
> >> >> > easier to add functionality than ripping them off. Perhaps
> >> >> > creating a custom #%top definition to interfere with the default
> >> >> > symbol lookup...?
> >> >>
> >> >> The right place to look is at sandboxes:
> >> >>   http://docs.racket-lang.org/reference/Sandboxed_Evaluation.html
> >> >> and namespaces:
> >> >>   http://docs.racket-lang.org/guide/mk-namespace.html
> >> >>
> >> >> --
> >> >> sam th
> >> >> samth at ccs.neu.edu
> >> >
> >> > _________________________________________________
> >> >  For list-related administrative tasks:
> >> >  http://lists.racket-lang.org/listinfo/users
> >> >



Posted on the users mailing list.
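Added example, not from the thread: one way to get the intended "only f1, f2 and f3 are bound" sandbox is to make the whitelist module the sandbox *language* and pass its path to `make-evaluator`. The file name `sb-lang.rkt` is hypothetical; it collapses sb-functions.rkt and sb-functions-extra.rkt into one file and uses a `main` submodule (Racket 5.3 or later) to exercise the evaluator. The important part is the `provide`: besides the whitelisted functions, the language must export `#%module-begin` and `#%top-interaction` (plus `#%app`, `#%datum`, `#%top` so calls and literals expand), and nothing else, so `require`, `define` and `cdr` are simply unbound for the remote user.

```racket
#lang racket/base
;; sb-lang.rkt (hypothetical name): a sandbox language that exposes only
;; f1, f2, f3 and the minimal syntactic glue the sandbox needs.
(provide f1 f2 f3
         ;; needed to build a module in this language and to evaluate
         ;; REPL-style forms in it; everything else stays unbound
         #%module-begin #%top-interaction #%app #%datum #%top)

(define (f1) "F-one")
(define (f2) "F-two")
(define (f5) "F-five")   ; plays the role of sb-functions-extra.rkt
(define f3 f5)           ; re-exported under the name f3
(define (f4) "F-four")   ; not provided: unreachable from the sandbox

;; `racket sb-lang.rkt` runs this submodule; requiring the file as a
;; language (as the sandbox does) does not.
(module+ main
  (require racket/sandbox racket/runtime-path)
  (define-runtime-path this-file "sb-lang.rkt")
  ;; every form a remote user sends goes through sb-eval; per-form CPU and
  ;; memory limits cap what a hostile or buggy client can cost the server
  (define sb-eval
    (parameterize ([sandbox-eval-limits '(2 16)])   ; 2 s CPU, 16 MB
      (make-evaluator this-file #:allow-read (list this-file))))
  ;; errors raised inside the sandbox propagate to the caller
  (define (try expr)
    (with-handlers ([exn:fail?
                     (lambda (e) (printf "~s -> rejected: ~a\n"
                                         expr (exn-message e)))])
      (printf "~s -> ~s\n" expr (sb-eval expr))))
  (try '(f1))                  ; "F-one"
  (try '(f3))                  ; "F-five"
  (try '(f4))                  ; rejected: defined but not provided
  (try '(f5))                  ; rejected: not provided under that name
  (try '(cdr '(1 2)))          ; rejected: racket/base is not in the language
  (try '(require racket/base)) ; rejected: `require` itself is not exported
  (try '(define x 1)))         ; rejected: neither is `define`
```

The same evaluator can be dropped into the net-repl `(eval expr)` slot from the quoted message; keeping `require` out of the provide list is what prevents the client from pulling the rest of Racket back in.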