> Can you think of anything else that would need to be fixed, besides this > problem with forgeable syntax-objects?
It depends how much of a sandbox you're thinking of, but I'd like to make sure that the untrusted code didn't go into an infinite loop, which means either putting it in a separate process or having a timer that would stop it after a deadline. Also you'd have to make sure that you didn't run any procedure returned by the untrusted code, for the same reason. Also, what if the untrusted code allocated a lot of memory? I suppose you could depend on that all being garbage-collected after it finished, but you'd have to be prepared to handle out-of-memory errors while it was running. It might be easiest to just put it in a separate process, although that would make communication harder. Noah
