[racket] Is (read) safe?

From: Eli Barzilay (eli at barzilay.org)
Date: Fri Mar 8 23:14:18 EST 2013

10 minutes ago, Michael Wilber wrote:
> With all these discussions about serialization safety in different
> languages (see http://news.ycombinator.com/item?id=5343704 for some
> commentary on clojure's default reader for example), I have to wonder:
> 1. Is racket's (read) "safe" to use in an unsafe context?
> 2. If not, how can I (read) a value from an untrusted port safely?

In addition to what Robby said, Racket has several advantages:

1. There is no plain "read-time eval", as in CL's `#.'.  The closest
   that you can get to is `#reader'.

2. So you can only theoretically execute random reader code on the
   server using `#reader' -- that is, code that is part of your code,
   rather than user-supplied code.  (So it's similar to the "apply
   random java constructor code", except that these readers are
   specific readers -- not some random function from a random module.)

3. But even that isn't possible since the parameter that allows it is
   off by default.

But as Robby pointed out, you can always run into trouble -- some
simple input examples that would trip your code:

  "(" --> you'll get an error that your code didn't expect

  "(1 1 1 1 ..." or "((((((..." etc -- the server will grab all memory
  (and eventually die)

or even just "(" from a client that doesn't close the connection --
and now you have a thread that won't die (=> easy DOS attack).

BTW, another common approach besides a sandbox is to use a combination
of an exception handler, a timer, and `make-limited-input-port'.

          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                    http://barzilay.org/                   Maze is Life!

Posted on the users mailing list.