[racket] Handin Server + PLAI problem

From: Robby Findler (robby at eecs.northwestern.edu)
Date: Sun Jan 15 20:18:33 EST 2012

(I said "mark" meaning continuation mark. FWIW.)

On Sun, Jan 15, 2012 at 7:05 PM, Eli Barzilay <eli at barzilay.org> wrote:
> Yesterday, Robby Findler wrote:
>> Perhaps the right thing is to have the setup code export a small
>> library that contains a "is my mark bound in the context" function
>> and then the sandbox can call that function when deciding whether or
>> not to grant permission.
>> (That has the dependencies going the right way, right?)
> Yes.  But I'd like to hear Matthew's opinion before hacking something
> like that in.
> The thing that bothers me about this solution is that there might be some
> other code that needs to be treated as privileged too, and in that
> case the sandbox will need to invoke each file's predicate (they won't
> be able to share this functionality since the actual values must be
> hidden).  For this reason, and assuming that this is a proper
> solution, the parameter is better put at the "highest" entry point to
> the privileged code.  I suspect that this means that it should be part
> of the resolver, but only in the built-in unconfigurable core
> (otherwise you can circumvent protection by a configured malicious
> resolver), so perhaps this has to be done in the C core.
> It's also not clear to me if a whole parameter is needed, or just a
> continuation mark.
> --
>          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
>                    http://barzilay.org/                   Maze is Life!

Posted on the users mailing list.
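The pattern Robby sketches (setup code keeps the key private, exports only an "is my mark bound in the context" predicate, and the sandbox calls that predicate when deciding whether to grant permission) can be shown in a few lines of Racket. This is an added illustration, not code from the handin server or the Racket sandbox; `call-as-privileged`, `in-privileged-context?` and `guarded-file-read` are names chosen here.

```racket
#lang racket
;; Added illustration of the continuation-mark privilege check discussed
;; in the thread. Not code from the Racket handin server or sandbox.

;; The key stays private to this module; only the predicate below is
;; exported, so sandboxed code can ask about the mark but never set it.
(define privileged-key (make-continuation-mark-key 'privileged))

;; Setup code runs a thunk with the mark bound in its dynamic extent.
;; Anything called from inside the thunk (including library code it
;; pulls in) will see the mark, which is the dependency direction the
;; thread describes: the sandbox depends on this predicate, not the
;; other way round.
(define (call-as-privileged thunk)
  (with-continuation-mark privileged-key #t (thunk)))

;; The exported predicate: is the mark bound somewhere in the current
;; continuation? #f as the mark set means "the current continuation".
(define (in-privileged-context?)
  (and (continuation-mark-set-first #f privileged-key #f) #t))

;; A sandbox-side guard. It consults only the predicate and has no
;; access to privileged-key, so it cannot be tricked into binding it.
(define (guarded-file-read path)
  (if (in-privileged-context?)
      (format "read ~a" path)
      (error 'guarded-file-read "permission denied for ~a" path)))

;; Outside the privileged extent the guard refuses the operation...
(with-handlers ([exn:fail? exn-message])
  (guarded-file-read "grades.rktd"))
;; ...and inside it the same call is allowed.
(call-as-privileged (lambda () (guarded-file-read "grades.rktd")))
```

As the reply notes, a second privileged file would need its own key and predicate, or the mark must be installed once at the single highest entry point to privileged code so the sandbox has only one predicate to consult.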