I thought about the same. My insights are:

You can 'let all relevant symbols with alternative functions or just NIL. (Addresses 1 & 2.)

You might want to change the REPL in a way that if, for example, the symbols car and list are evaluated, they return a meaningless number. (It might be possible to calculate the offset and execute arbitrary Lisp code.) (1 & 2.)

An alternative would be to rewrite the PicoLisp eval function and only let it load symbols from a certain namespace/symbol-to-function property list.

Regarding 3: the best way to achieve that is putting the execution of this code in a 'later. You can either cancel them after a certain time via kill while your game world goes on (ask regenaxer how the open pipe is handled or wait for the result). (3: execution time aspect.)

To control the space aspect you need to rewrite PicoLisp in PicoLisp and maintain your own free list, or let all functions the user can call increase a counter on each allocation and throw an error if the number of allocations exhausts the virtual machine capacity.

On 28.04.2017 04:18, "Christopher Howard" <christopher.how...@qlfiles.net> wrote:
>
> Hi list, I was wondering if there would be a practical way to safely
> contain a picolisp interpreter (or some subset of commands) inside
> another picolisp program. E.g., suppose you have a computer game
> programmed in PicoLisp, and the main character found a computer terminal
> that allowed him to run some commands or program something in PicoLisp.
> The obvious safety concerns here are:
>
> (1) You either want to disable disk access, or make it so that disk
> access pulls from a virtual disk in the game.
>
> (2) You don't want the user to be changing memory in the game itself,
> only his virtual memory.
>
> (3) You don't want the user to be able to exhaust memory or blow the stack.
>
> --
> https://qlfiles.net