[racket] sandbox error

From: Matthew Flatt (mflatt at cs.utah.edu)
Date: Wed Jan 14 15:23:07 EST 2015

Ah, I see. The sandbox should allow reading from all directories in
`(get-lib-search-dirs)`, but it currently only allows reading from
`(find-lib-dir)`.

I don't think that "/usr/lib" is needed in Racket's search path, since
Racket eventually relies on the OS's library search path. I expect that
"/usr/lib" is included in `(get-lib-search-dirs)` due to a

 /usr/etc/racket-6.1.1/config.rktd

file that includes "/usr/lib" in a `lib-search-dirs` entry. If so, I
think that removing "/usr/lib" in that file should be ok and should
work around the sandbox problem.

Meanwhile, I'll adjust `racket/sandbox` for future releases.

At Wed, 14 Jan 2015 13:11:36 -0700, Lucas Paul wrote:
> From DrRacket (which is where I see the problem):
> 
> Welcome to DrRacket, version 6.1.1 [3m].
> Language: racket [custom]; memory limit: 128 MB.
> > (require setup/dirs)
>   (find-lib-dir)
>   (get-lib-search-dirs)
> #<path:/usr/lib/racket>
> '(#<path:/home/lucas/.racket/6.1.1/lib> #<path:/usr/lib/racket>
> #<path:/usr/lib>)
> >
> 
> On Wed, Jan 14, 2015 at 12:17 PM, Matthew Flatt <mflatt at cs.utah.edu> wrote:
> > Trying "/usr/lib/libcrypto" with no suffix is a last-ditch effort. It
> > accommodates a library request where the given library name has a
> > suffix already; in this case, "libcrypto" is provided without the
> > suffix (and the search adds an ".so" suffix and version numbers).
> >
> > I don't yet have another idea why the search might fail. Just to make
> > sure, what does
> >
> >   (require setup/dirs)
> >   (find-lib-dir)
> >   (get-lib-search-dirs)
> >
> > produce for your installation?
> >
> > At Wed, 14 Jan 2015 11:07:45 -0700, Lucas Paul wrote:
> >> I have a couple of those:
> >>
> >> /usr/lib/libcrypto.so
> >> /usr/lib/libcrypto.so.1.0.0
> >>
> >> I haven't changed anything, and the error is still here (thank
> >> goodness for Bohr bugs). Anyway, the error doesn't say anything about
> >> "/usr/lib/libcrypto.so" it wants exists? access to
> >> "/usr/lib/libcrypto", which I find a little strange. Is it looking for
> >> a directory?
> >>
> >> Lucas
> >>
> >> On Wed, Jan 14, 2015 at 8:24 AM, Matthew Flatt <mflatt at cs.utah.edu> wrote:
> >> > I think `scribble/manual` is trying to load "libcrypto" as part of
> >> > using OpenSSL for its SHA1 functionality.
> >> >
> >> > I haven't been able to replicate the error that you're getting, and my
> >> > best guess is that we need to add a version of libcrypto to our list.
> >> > Does your installation have any of these?
> >> >
> >> >  libcrypto.so
> >> >  libcrypto.so.1.0.1e
> >> >  libcrypto.so.1.0.0
> >> >  libcrypto.so.1.0
> >> >  libcrypto.so.0.9.8b
> >> >  libcrypto.so.0.9.8
> >> >  libcrypto.so.0.9.7
> >> >
> >> > If you have some other "libcrypto", then a symbolic link from
> >> > "libcrypto.so" to that version should work around the problem.
> >> >
> >> > At Tue, 13 Jan 2015 12:55:37 -0700, Lucas Paul wrote:
> >> >> Hi. I'm trying to use a racket sandbox to safely evaluate some
> >> >> scribble code, but I'm having trouble setting up the sandbox in the
> >> >> first place. The following produces an error on my system:
> >> >>
> >> >> (make-evaluator 'racket/base #:requires '(scribble/manual scribble/racket))
> >> >>
> >> >> The error is:
> >> >>
> >> >> ../../../../../../../usr/share/racket/collects/racket/private/so-search.rkt:37:20:
> >> >> file-exists?: `exists' access denied for /usr/lib/libcrypto
> >> >>
> >> >> I'm running Racket 6.1.1 on Arch Linux x86_64. The exact same code
> >> >> seems to work correctly for Michael Ballantyne with Racket 6.1 on a
> >> >> Mac. Am I doing something wrong? Is there a reason Scribble needs
> >> >> libcrypto? Is this a bug I should report? I truly don't know what's
> >> >> going on.
> >> >>
> >> >> Please help,
> >> >> Lucas
> >> >> ____________________
> >> >>   Racket Users list:
> >> >>   http://lists.racket-lang.org/users

Posted on the users mailing list.
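
An added example, not part of the original thread or of `racket/sandbox` itself: one way to apply the fix described in the top message from the caller's side, by granting the sandbox read access to every directory in `(get-lib-search-dirs)` through the `sandbox-path-permissions` parameter. The helper name `lib-search-permissions` is hypothetical, and it is assumed that widening read access to these directories is acceptable for the installation.

```racket
#lang racket/base
;; Added example (not from the thread): caller-side workaround for a
;; sandbox that only allows reading from (find-lib-dir).
(require racket/sandbox setup/dirs)

;; Hypothetical helper: one `read` permission per library search
;; directory. In sandbox-path-permissions, 'read implies 'exists, which
;; is the access the `file-exists?` check in so-search.rkt was denied.
(define (lib-search-permissions)
  (for/list ([dir (in-list (get-lib-search-dirs))])
    (list 'read dir)))

;; Print what is about to be granted. On the installation in the thread
;; this list includes /usr/lib, so sandboxed code could read anything
;; under it; removing "/usr/lib" from config.rktd, as suggested above,
;; keeps the grant narrower.
(for ([perm (in-list (lib-search-permissions))])
  (printf "granting ~a on ~a\n" (car perm) (cadr perm)))

;; The parameter is consulted when the evaluator is created, so it is
;; extended around the make-evaluator call from the original report.
(define ev
  (parameterize ([sandbox-path-permissions
                  (append (lib-search-permissions)
                          (sandbox-path-permissions))])
    (make-evaluator 'racket/base
                    #:requires '(scribble/manual scribble/racket))))

;; Constructed check that the evaluator is usable.
(ev '(+ 1 2))
```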