Understood. Thanks for sharing that.

On Sun, Mar 23, 2014 at 1:33 PM, Panicz Maciej Godek <[email protected]> wrote:
> Hi!
>
> 2014-03-23 19:07 GMT+01:00 Grant Rettke <[email protected]>:
>> On Sat, Nov 30, 2013 at 2:26 PM, Panicz Maciej Godek
>> <[email protected]> wrote:
>>> And hence my question: is there any way to restrict
>>> the execution environment of eval, e.g. to specify
>>> which symbols should be available? (For security
>>> reasons, I wouldn't want functions like "system"
>>> or "exit" to be present in that environment)
>>>
>>> Or perhaps there's some better way to do that?
>>
>> How did you end up achieving your goal?
>
> Oh, with Guile it turned out to be a piece of cake ;]
> It's thanks to first-class modules and the fact that a module can be
> provided as the second argument to eval.
> Guile actually has e.g. (ice-9 safe-r5rs), which exports a safe subset
> of Scheme, and (ice-9 null), which provides the most basic syntactic
> bindings and no functions whatsoever.
>
> So it is possible to either create a module in runtime using
> make-fresh-user-module and add all the necessary bindings, or to have
> some regular module prepared and obtain it using resolve-module.
>
> This is more or less how I did it, but I have to admit that I did
> neglect the security issues and designed the system to work rather
> than to make it hacker-proof.
>
> The bad news is that the module API isn't officially documented and
> one needs to read the boot-9.scm file to figure out how it works (the
> code is a good read, though).
>
> HTH
--
Grant Rettke | ACM, AMA, COG, IEEE
[email protected] | http://www.wisdomandwonder.com/
“Wisdom begins in wonder.” --Socrates
((λ (x) (x x)) (λ (x) (x x)))
“Life has become immeasurably better since I have been forced to stop
taking it seriously.” --Thompson
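
Added example, not part of the messages above and not the poster's code: a minimal Guile sketch of passing a restricted module as the second argument to eval, so that "system" and "exit" are simply unbound for the evaluated expression. It builds the module with make-safe-module from (ice-9 safe), which imports only the (ice-9 safe-r5rs) bindings, instead of make-fresh-user-module; the names sandbox, host-log, sandbox-eval and samples are hypothetical.

```scheme
;; Added example for Guile 2.x/3.x. Not code from the thread.
(use-modules (ice-9 safe))          ; provides make-safe-module

;; A fresh module whose only import is the (ice-9 safe-r5rs) interface.
;; Nothing from (guile) itself is visible, so `system`, `exit`,
;; `open-file` and friends are unbound inside it.
(define sandbox (make-safe-module))

;; Allow-list exactly one host procedure under a hypothetical name.
;; Everything the untrusted code may call is decided here, explicitly.
(module-define! sandbox 'host-log
                (lambda (msg) (string-append "log: " msg)))

;; Evaluate EXPR in the sandbox module. Any error (including the
;; unbound-variable error raised for a blocked symbol) is turned into
;; a tagged pair instead of propagating into the host program.
(define (sandbox-eval expr)
  (catch #t
    (lambda () (cons 'ok (eval expr sandbox)))
    (lambda (key . args) (cons 'error key))))

;; Constructed sample inputs: three permitted expressions followed by
;; the two calls the original question wanted to keep out.
(define samples
  '((+ 1 2)
    (map (lambda (x) (* x x)) (list 1 2 3))
    (host-log "hello")
    (system "true")
    (exit 1)))

;; Print each expression next to its tagged result.
(for-each
 (lambda (expr)
   (write expr)
   (display " => ")
   (write (sandbox-eval expr))
   (newline))
 samples)
```

Restricting bindings does not bound CPU time or memory: a looping expression still stalls the host. Newer Guile releases ship (ice-9 sandbox), whose eval-in-sandbox adds time and allocation limits on top of a binding allow-list.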
