Do you need to disallow reading a file? If it's just creating or altering a file that needs to be blocked, you could redirect fopen and fwrite (in s7.c) to functions that raise an error. I don't think s7 uses creat, open (except with O_RDONLY), or write. Also build it with WITH_C_LOADER=0 (to disallow dynamic loading of C object code), and maybe WITH_SYSTEM_EXTRAS=0. Hmmm... as I type this, this seems interesting -- maybe I'll tackle it later today. It might be equally easy to disallow reading a file -- fread etc. Oh, and for fopen, check the mode doesn't have "w" or "x" or whatever else might change a file. I'm probably forgetting something obvious.
(There's also the sandbox procedure in stuff.scm, but it's been years since I looked at it). _______________________________________________ Cmdist mailing list Cmdist@ccrma.stanford.edu https://cm-mail.stanford.edu/mailman/listinfo/cmdist