Noah Lavine <noah.b.lav...@gmail.com> writes:

>> Can you think of anything else that would need to be fixed, besides this
>> problem with forgeable syntax-objects?
>
> It depends how much of a sandbox you're thinking of, but I'd like to
> make sure that the untrusted code didn't go into an infinite loop,
> which means either putting it in a separate process or having a timer
> that would stop it after a deadline. Also you'd have to make sure that
> you didn't run any procedure returned by the untrusted code, for the
> same reason.
>
> Also, what if the untrusted code allocated a lot of memory? I suppose
> you could depend on that all being garbage-collected after it
> finished, but you'd have to be prepared to handle out-of-memory errors
> while it was running.
>
> It might be easiest to just put it in a separate process, although
> that would make communication harder.
>

Racket has a facility that achieves sandboxing (with the above property of CPU and RAM usage bounds), I believe:

http://docs.racket-lang.org/reference/Sandboxed_Evaluation.html

Regards, Rotty
--
Andreas Rottmann -- <http://rotty.yi.org/>
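As an added illustration of the Racket facility linked above (this is example code written for this page, not part of the thread and not taken from Racket's documentation), the following uses `racket/sandbox` to evaluate an untrusted S-expression under the two bounds Noah asked for: a CPU-time deadline and a memory cap. It also applies his third point, never calling a procedure the untrusted code returns, since such a closure would run in the caller's thread outside the sandbox limits. The library names used (`make-evaluator`, `sandbox-eval-limits`, `sandbox-output`, `exn:fail:resource?`, `kill-evaluator`) are the ones I know from `racket/sandbox`; the limit values and the sample inputs are constructed for the demonstration.

```racket
#lang racket
;; Added example (not from the thread above): run an untrusted S-expression
;; under CPU-time and memory bounds, and refuse to call any procedure that
;; the untrusted code hands back.
(require racket/sandbox)

;; Assumed limits: 2 seconds of CPU time and 16 MB of memory per evaluation.
(define cpu-seconds 2)
(define memory-mb 16)

;; Build a fresh evaluator per request so one misbehaving expression cannot
;; leave state behind for the next. Output ports are disabled so the
;; untrusted code cannot write to our stdout/stderr.
(define (make-limited-evaluator)
  (parameterize ([sandbox-eval-limits (list cpu-seconds memory-mb)]
                 [sandbox-output #f]
                 [sandbox-error-output #f])
    (make-evaluator 'racket/base)))

;; Evaluate EXPR in a sandbox and classify the outcome:
;;   (ok <value>)                ordinary result
;;   (refused-procedure)         the code returned a closure; we never call
;;                               it, because it would run outside the limits
;;   (resource-limit <message>)  the CPU-time or memory bound was hit
;;   (error <message>)           any other failure raised inside the sandbox
(define (run-untrusted expr)
  (define ev (make-limited-evaluator))
  (dynamic-wind
    void
    (lambda ()
      (with-handlers ([exn:fail:resource?
                       (lambda (e) (list 'resource-limit (exn-message e)))]
                      [exn:fail?
                       (lambda (e) (list 'error (exn-message e)))])
        (let ([v (ev expr)])
          (if (procedure? v)
              (list 'refused-procedure)
              (list 'ok v)))))
    ;; Always tear the sandbox down, shutting its custodian and freeing memory.
    (lambda () (kill-evaluator ev))))

(module+ main
  ;; Constructed inputs, one per outcome above.
  (for-each
   (lambda (e) (printf "~s => ~s\n" e (run-untrusted e)))
   (list '(+ 1 2)                                  ; ordinary result
         '(let loop () (loop))                     ; spins forever: out of time
         '(let loop ([l '()]) (loop (cons 1 l)))   ; grows without bound: out of memory
         '(lambda (x) x)                           ; returns a procedure: refused
         '(car '()))))                             ; ordinary runtime error
```

Two caveats worth keeping in mind when relying on this in-process approach rather than a separate process: the memory bound depends on Racket's custodian memory accounting, so it is a limit on what the sandbox's custodian is charged for, not an OS-level cap; and a value that escapes the sandbox (a procedure, a mutable structure, a parameter) is only safe to touch in ways that do not execute untrusted code, which is why the example simply refuses procedures.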