I thought about the same.
My insights are:
You can 'let all relevant symbols with alternative functions or just NIL.
Addresses 1 & 2
You might want to change the repl in a way that if for example the symbols
car and list are evaluated they return a meaningless number. (It might be
possible to calculate the offset and execute arbitrary lisp code.) 1 & 2
An alternative would be to rewrite the picolisp eval function and only let
it load Symbols from a certain namespace/symbol to function property list.
Regarding 3: the best way to achieve that is putting the execution of this
code in a 'later. You can either cancel them after a certain time via kill
while your game world goes on (ask regenaxer how the open pipe is handled
or wait for the result) 3 execution time aspect.
To control the space aspect you need to rewrite picolisp in picolisp and
maintain your own free list or let all functions the user can call either
increase a counter on each allocation and throw an error if the number of
allocations exhausts the virtual machine capacity.
On 28.04.2017 04:18, "Christopher Howard" < wrote:
> Hi list, I was wondering if there would be a practical way to safely
> contain a picolisp interpreter (or some subset of commands) inside
> another picolisp program. E.g., suppose you have a computer game
> programmed in PicoLisp, and the main character found a computer terminal
> that allowed him to run some commands or program something in PicoLisp.
> The obvious safety concerns here are:
> (1) You either want to disable disk access, or make it so that disk
> access pulls from a virtual disk in the game.
> (2) You don't want the user to be changing memory in the game itself,
> only his virtual memory.
> (3) You don't want the user to be able to exhaust memory or blow the
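
Added example, not part of the original thread and not code from PicoLisp itself: a minimal restricted evaluator in PicoLisp illustrating the allow-list and allocation-counter ideas from the reply above. The names `*Prims`, `sbCharge`, `sbEval`, `sbRun` and the budget values are assumptions; it bounds evaluator steps and charged cells only, not wall-clock time or errors raised by the host primitives.

```picolisp
# Added example. *Prims, sbCharge, sbEval and sbRun are hypothetical names.
# Allow-list of callable symbols: no in/out/call/load, no set/def/setq.
(setq *Prims '(+ - * car cdr cons list))

# Subtract N (default 1) from the budget named by Var; abort the run below 0
(de sbCharge (Var Tag N)
   (when (lt0 (dec Var (or N 1)))
      (throw 'sandbox Tag) ) )

(de sbEval (X Env)
   (sbCharge '*Steps 'steps)              # bounded work per submitted program
   (cond
      ((or (num? X) (not X)) X)           # numbers and NIL are self-evaluating
      ((sym? X)                           # variables live in Env only, never
         (if (assoc X Env)                # in the host program's symbols
            (cdr @)
            (throw 'sandbox (list 'unbound X)) ) )
      ((memq (car X) *Prims)
         (let Args (mapcar '((A) (sbEval A Env)) (cdr X))
            (when (memq (car X) '(cons list))
               (sbCharge '*Cells 'cells (length Args)) )  # one charge per argument
            (apply (car X) Args) ) )
      (T (throw 'sandbox (list 'forbidden (car X)))) ) )

# Run X with its own variable list and budgets; returns the value or the abort tag
(de sbRun (X Env Steps Cells)
   (let (*Steps Steps  *Cells Cells)
      (catch 'sandbox (sbEval X Env)) ) )

# Constructed inputs; 'test' raises an error if a result differs
(test 12 (sbRun '(+ hp 2) '((hp . 10)) 100 10))
(test '(forbidden in) (sbRun '(in "save.db" (line)) NIL 100 10))
(test '(unbound *Steps) (sbRun '(+ *Steps 1) NIL 100 10))
(test 'steps (sbRun '(+ 1 (+ 2 (+ 3 4))) NIL 3 10))
(test 'cells (sbRun '(list 1 2 3) NIL 100 2))
```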