It's not urgent, but an item on my TODO list is to port Jonathan Rees' W7 Security Kernel to Racket. Basically this is an object capability security system based on the lambda calculus (as Scheme). Object capability security is a security system which applies the principle of least authority on a programming language level. Jonathan Rees' paper has a good explanation, and is, as it turns out, my favorite paper of all time:

http://mumble.net/~jar/pubs/secureos/secureos.html#sect2.2.4

Eventually I would like to write a multiplayer game in Racket where users can write and execute code safely (well, as safely as our current hardware permits given Meltdown/Spectre) to add game mechanics using the W7 mechanisms (as well as Racket's tools to limit space/time execution).

In a sense, it would sound as if Racket's #lang support would be perfect for this. But in fact there is a problem with the #lang approach here: while a #lang, once selected, can constrain the language features available, the fact that one can select a #lang itself indicates that doing "#lang w7" is not the right approach.

Racket's require/module system also is not a good fit. In W7 a module cannot "reach out" and select what modules it *wants* to have access to... to restrict a module in an object capability system, a module must instead be granted access from the ancestor that instantiated it.

I have been trying to figure out how I would do this. As far as I can tell this would be the right approach:

- Read in the code with read, which is probably safe enough (or a special reader could be written)
- Use units to represent the W7 module system? Units seem to have the right system of composition available. The main problem seems to be that units inherit access to the environment they are defined within... how to read in and compile a unit with no access to its parent environment? I guess the right answer is to make an empty namespace?
- Alternately maybe the answer is to more manually do something with namespaces...?

PS: Rees posted the original Scheme48 W7 code here: https://github.com/jar398/w7
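Added example (not part of the original post, and not code from W7 or from Racket's own libraries): a sketch of the "empty namespace" direction the post ends on. The untrusted code is read with `read` (with `#lang`/`#reader` and compiled-code literals disabled), evaluated in a namespace that starts with only core syntactic forms, and given access to the outside world solely through values the host chooses to install, which is the W7 rule that authority flows down from the instantiating ancestor rather than being reached for via `require`. `racket/sandbox`'s `call-with-limits` supplies the space/time limits the post mentions. The names `make-confined-namespace`, `run-confined`, `add-score!` and the grant list are hypothetical.

```racket
#lang racket/base
;; Added example: object-capability style confinement of untrusted
;; Scheme code in Racket.  Names such as make-confined-namespace,
;; run-confined and add-score! are hypothetical, chosen for this sketch.
(require racket/sandbox) ; call-with-limits: CPU-time and memory limits

;; Syntactic forms the guest may use.  Nothing else from racket/base is
;; imported, so the guest has no open-output-file, no system, no eval,
;; unless the host explicitly grants such a value below.
(define core-forms
  '(lambda define if let let* letrec cond else quote begin
    #%app #%datum))

;; Build a namespace containing only core-forms plus the granted
;; capabilities, given as an alist of (symbol . value).  Authority is
;; whatever appears in `grants`; the guest cannot reach for more.
(define (make-confined-namespace grants)
  (define ns (make-base-empty-namespace)) ; racket/base attached, not required
  (parameterize ([current-namespace ns])
    (namespace-require `(only racket/base ,@core-forms))
    (for ([g (in-list grants)])
      ;; map? = #t so the symbol is visible to eval as an identifier.
      (namespace-set-variable-value! (car g) (cdr g) #t)))
  ns)

;; Read all forms from a string and evaluate them in `ns` under limits.
;; read-accept-reader #f rejects #lang / #reader; read-accept-compiled
;; #f rejects compiled-code literals.
(define (run-confined code ns #:seconds [secs 1] #:mb [mb 64])
  (define in (open-input-string code))
  (define forms
    (parameterize ([read-accept-reader #f]
                   [read-accept-compiled #f])
      (let loop ([acc '()])
        (define form (read in))
        (if (eof-object? form) (reverse acc) (loop (cons form acc))))))
  (call-with-limits secs mb
    (lambda ()
      (parameterize ([current-namespace ns])
        (for/last ([f (in-list forms)]) (eval f))))))

;; Host side: a revocable "score" capability.  Revocation is decided by
;; the host (the ancestor), never by the guest holding the reference.
(define score 0)
(define revoked? #f)
(define (add-score! n)
  (when revoked? (error 'add-score! "capability revoked"))
  (set! score (+ score n)))

;; The guest receives exactly two values: add-score! and +.
(define guest-ns
  (make-confined-namespace (list (cons 'add-score! add-score!)
                                 (cons '+ +))))

;; Constructed guest program: defines a helper and uses its grants.
(run-confined
 "(define (twice f x) (f (f x)))
  (twice (lambda (n) (add-score! n) (+ n 1)) 5)"
 guest-ns)

;; Anything not granted is simply an unbound identifier in guest-ns.
(with-handlers ([exn:fail? (lambda (e) (displayln (exn-message e)))])
  (run-confined "(open-output-file \"/tmp/x\")" guest-ns))

;; After revocation the same reference the guest holds stops working.
(set! revoked? #t)
(with-handlers ([exn:fail? (lambda (e) (displayln (exn-message e)))])
  (run-confined "(add-score! 1)" guest-ns))
```

After the first `run-confined` call the host-side `score` is 11 (the guest added 5, then 6), while the attempt to call `open-output-file` fails at expansion time because the name is not bound in `guest-ns`. What this confines is name visibility and resource use; the guest still shares the host's current ports and parameterization unless those are also parameterized, and, as the post notes, it does nothing about hardware side channels.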