On Sun 10 Nov 2019 10:36, Konrad Hinsen <konrad.hin...@fastmail.net> writes:
> One direction could be to add a sandboxing feature to Guile, which would
> be nice-to-have for other uses as well if Guile is to become a
> general-purpose systems scripting language. There are some interesting
> ideas in shill (http://shill.seas.harvard.edu/) for this scenario.

I wrote this for that purpose:

  https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html

However I can't recommend it as a robust security layer because of the
weaknesses in the heap allocation limit, discussed in the page above.

I agree that Shill has some great patterns that go beyond what Guile or
Guix has, and that adopting some of them is a really interesting idea :-)

I admit that I was a bit depressed at the impact that Spectre et al. have
had on language-level sandboxing abstractions :-( and haven't much pursued
this line since then. In practice Guix's "containerized" build jobs are
much more effective than in-language barriers.

Cheers,

Andy