Hi Alex,

I don't think it's possible to make PicoLisp somehow safer, it is unsafe
by design.  The only safe option is not to allow execution of any
untrusted code.

> Alexander Burger <a...@software-lab.de> writes:
>    (catch '(NIL)
>       (let Res
>          (in "/dev/null"
>             (let (call prog  load prog  in prog  out prog  pipe prog  dir 
> prog)
>                (eval (any Str)) ) )
>          (prin "-> ")
>          (println Res) ) )
>> This is the delicate/time consuming part: testing, trying to crack a
>> «safe» interp.

even if you bind those symbols to 'prog', an attacker could set them to
the original values, which are simple numbers.  It should be possible to
find the original values from another instance of picolisp, for example.

Or simply call something that crashes PicoLisp, e.g.

: (setq hi 0)
-> 0
: (hi)
Segmentation fault

My understanding is, that if you can crash a program, it is likely that
there is a way to "own" it.  It just might be more complicated to set up
stuff the right way just before the crash.


UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe

Reply via email to