[racket] Handin Server + PLAI problem
Does variable-reference->module-source use current-directory?
If so, that'd explain this. (And either it would have to change or the
handin-server/sandbox would have to.)
Robby
On Sat, Jan 14, 2012 at 4:28 PM, Eli Barzilay <eli at barzilay.org> wrote:
> 40 minutes ago, Robby Findler wrote:
>> While we wait for Eli to either fix the bug or to track this down to
>> some other part of the system,
>
> It's not a handin server or a sandbox bug -- it's a problem of some
> code that tries to get `exists' access to some directories, which is
> usually harmless since the default security guard allows anything. I
> can allow these directories by default through the sandbox if someone
> tells me which directories should be allowed. (I also don't know what
> code causes it.)
>
>
>> applying this diff makes the problem go away for me.
>> [remove contract]
>
> This indicates that something in the contract wrapper does the
> access. My guess is that some path manipulation function is used
> which checks the current directory. If this is the case, and it's
> always the current directory, then I think that the right solution is
> to avoid it. (I don't know if there are any security implications to
> allow exists access to the current directory, so I prefer to not open
> it up.)
>
> --
> ((lambda (x) (x x)) (lambda (x) (x x))) Eli Barzilay:
> http://barzilay.org/ Maze is Life!