[racket] Limiting net-repl provided functions
I made a simplified test case (below), even left out the net-repl part in
the belief that replacing the eval with sb-eval will do the trick in the end. I
have the module structure as intended, but still can't figure out how to
give it as an input to the sandbox evaluator. The documentation is there,
but a few more examples could make it easier to comprehend, especially when
not using built-in modules.
br, jukka
---
;XXX sb-test.rkt XXX
#lang racket
(require racket/sandbox)
(require "sb-functions.rkt")
;(define sb-eval (make-evaluator 'racket/base))
(define sb-eval (make-evaluator ... "sb-functions.rkt" ... ));?
;; these are ok
;(f1) ;bound
;(f2) ;bound
;(f3) ;bound
;(f4) ;unbound
;(f5) ;unbound
;(f6) ;unbound
;; intended sandbox bindings
;(sb-eval 'f1) ;bound
;(sb-eval 'f2) ;bound
;(sb-eval 'f3) ;bound
;(sb-eval 'f4) ;unbound
;(sb-eval 'f5) ;unbound
;(sb-eval 'f6) ;unbound
;(sb-eval 'cdr) ;unbound
;XXX sb-functions.rkt XXX
(module sb-functions scheme
(require "sb-functions-extra.rkt")
(provide f1 f2 f3)
(define f1 (lambda () "F-one"))
(define f2 (lambda () "F-two"))
(define f3 f5); f5 from sb-functions-extra.rkt
(define f4 (lambda () "F-four"));not provided!
)
;XXX sb-functions-extra.rkt XXX
(module sb-functions-extra scheme
(provide f5)
(define f5 (lambda () "F-five"))
(define f6 (lambda () "F-six")); not provided
)
---
> -----Original Message-----
> From: samth0 at gmail.com [mailto:samth0 at gmail.com]On Behalf Of Sam
> Tobin-Hochstadt
> Sent: 27 June 2011 17:40
> To: Jukka Tuominen
> Cc: users at racket-lang.org
> Subject: Re: [racket] Limiting net-repl provided functions
>
>
> On Mon, Jun 27, 2011 at 10:08 AM, Jukka Tuominen
> <jukka.tuominen at finndesign.fi> wrote:
> >
> > So, once I hopefully have it working locally, how do I apply it to the
> > net-repl server? I think the following is the correct definition to be
> > tweaked (non-modified from net-repl). Do I add the sandbox-environment to
> > evals or something?
> >
> > (define net-repl-eval
> > (let ([eval (current-eval)])
>
> You'll want to construct a sandboxed evaluator here, perhaps using
> `current-eval'. But more likely, you don't need `current-eval' at
> all. To create a sandbox, do something like this:
>
> (require racket/sandbox)
> (make-evaluator 'racket/base)
>
> That produces a procedure that works like `eval', but in a new sandbox
> that only has access to `racket/base'.
>
> > (lambda (exit)
> > (lambda (expr)
> > (if (equal?
> > (if (syntax? expr)
> > (syntax-object->datum expr)
> > expr)
> > '(#%top-interaction close))
> > (exit)
> > (eval expr))))))
> >
> >
> > br, jukka
> >
> >
> >> -----Original Message-----
> >> From: samth0 at gmail.com [mailto:samth0 at gmail.com]On Behalf Of Sam
> >> Tobin-Hochstadt
> >> Sent: 27 June 2011 16:53
> >> To: Jukka Tuominen
> >> Cc: users at racket-lang.org
> >> Subject: Re: [racket] Limiting net-repl provided functions
> >>
> >>
> >> On Mon, Jun 27, 2011 at 9:48 AM, Jukka Tuominen
> >> <jukka.tuominen at finndesign.fi> wrote:
> >> > BTW, 'secure' in this context may mean allowing even critical system calls
> >> > (say format harddisk), if so specified. But the user should not be able to
> >> > do anything other than specified.
> >>
> >> The `sandbox' infrastructure is fairly flexible. Just by constructing
> >> a namespace and doing the `eval' in that namespace, you'll be able to
> >> restrict which identifiers the remote user can refer to. If those are
> >> very limited, that might be enough for security.
> >>
> >> >> -----Original Message-----
> >> >> From: samth0 at gmail.com [mailto:samth0 at gmail.com]On Behalf Of Sam
> >> >> Tobin-Hochstadt
> >> >> Sent: 27 June 2011 16:10
> >> >> To: Jukka Tuominen
> >> >> Cc: users at racket-lang.org
> >> >> Subject: Re: [racket] Limiting net-repl provided functions
> >> >>
> >> >>
> >> >> On Mon, Jun 27, 2011 at 8:48 AM, Jukka Tuominen
> >> >> <jukka.tuominen at finndesign.fi> wrote:
> >> >> >
> >> >> > The basic client/server functionality is already working, but it's too big a
> >> >> > security risk outside LAN use. It seems to be easier to add functionality
> >> >> > than ripping it off. Perhaps creating a custom #%top definition to
> >> >> > interfere with the default symbol lookup...?
> >> >>
> >> >> The right place to look is at sandboxes:
> >> >> http://docs.racket-lang.org/reference/Sandboxed_Evaluation.html
> >> >> and namespaces:
> >> >> http://docs.racket-lang.org/guide/mk-namespace.html
> >> >>
> >> >> --
> >> >> sam th
> >> >> samth at ccs.neu.edu
> >> >
> >> > _________________________________________________
> >> > For list-related administrative tasks:
> >> > http://lists.racket-lang.org/listinfo/users
> >> >
> >>
> >>
> >>
> >> --
> >> sam th
> >> samth at ccs.neu.edu
> >
> >
>
>
>
> --
> sam th
> samth at ccs.neu.edu
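The module-as-language construction asked about at the top of this message (an sb-eval that sees only sb-functions.rkt) and in Sam's `make-evaluator' reply, as an added example that is not part of the thread, of net-repl or of the Racket project: it assumes the three files sit in one directory and that sb-test.rkt is run from that directory, and the whitelist module exports the four expander hooks alongside f1 f2 f3 so that the sandbox's language holds nothing else.

```racket
;XXX sb-functions-extra.rkt XXX
#lang racket/base
(provide f5)
(define (f5) "F-five")
(define (f6) "F-six")   ; not provided: never reachable from the sandbox

;XXX sb-functions.rkt XXX
#lang racket/base
(require "sb-functions-extra.rkt")
;; A module used as the sandbox *language* must also export the hooks the
;; expander looks up: #%module-begin (for the sandbox's program module),
;; #%top-interaction (REPL input), #%app (applying (f1)) and #%datum
;; (literals).  Nothing else from racket/base is exported, so cdr,
;; system, open-output-file etc. are simply unbound inside the sandbox.
(provide f1 f2 f3
         #%module-begin #%top-interaction #%app #%datum)
(define (f1) "F-one")
(define (f2) "F-two")
(define f3 f5)           ; f5 is reachable only under the name f3
(define (f4) "F-four")   ; defined but not provided: unbound in the sandbox

;XXX sb-test.rkt XXX
#lang racket/base
(require racket/sandbox)
;; The language argument is the whitelist module itself.  The relative
;; path resolves against (current-directory), so this demo assumes it is
;; run from the directory that holds all three files.
(define sb-eval
  (parameterize ([sandbox-eval-limits '(1 16)])  ; 1 s CPU / 16 MB per call
    (make-evaluator "sb-functions.rkt")))

;; Evaluate one form in the sandbox and report whether it was allowed;
;; both unbound identifiers and runtime errors arrive as exn:fail.
(define (try expr)
  (with-handlers ([exn:fail?
                   (lambda (e)
                     (printf "~s => REJECTED: ~a\n" expr (exn-message e)))])
    (printf "~s => ~s\n" expr (sb-eval expr))))

(try '(f1))        ; "F-one"
(try '(f3))        ; "F-five", via the alias
(try '(f4))        ; rejected: defined but not provided
(try '(f5))        ; rejected: only its alias f3 is exported
(try '(f6))        ; rejected: never provided by the extra module
(try '(cdr (f1)))  ; rejected: cdr is not in the sandbox's language
```

The eval limits only bound CPU time and memory per call; file and network access are governed separately by the sandbox's path-permission and network-guard parameters, which keep their restrictive defaults here.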