At Mon, 5 Nov 2018 16:26:16 -0600, Alexis King wrote:
> To provide an example, `racket/contract` exports a value called 
> `the-unsupplied-arg`, which is created using the usual structure type 
> generativity trick:
>     (define-struct the-unsupplied-arg ())
>     (define the-unsupplied-arg (make-the-unsupplied-arg))
>     (provide the-unsupplied-arg)
> The constructor is not exported, and this value is intended to be unique. 
> However, if we can arrange for the contract library to be loaded on our 
> terms, 
> we can thwart this encapsulation by supplying it with a weaker inspector:
>     #lang racket/base
>     (define the-unsupplied-arg
>       (parameterize ([current-inspector (make-inspector)])
>         (dynamic-require 'racket/contract 'the-unsupplied-arg)))
>     (define-values [info skipped?] (struct-info the-unsupplied-arg))
>     (define another-unsupplied-arg ((struct-type-make-constructor info)))
>     (equal? the-unsupplied-arg another-unsupplied-arg) ; => #t
>     (eq? the-unsupplied-arg another-unsupplied-arg)    ; => #f

Later parts of the thread have touched on this, but the general rule is
that if you control the environment where code is loaded, then you can
do anything to that code. After all, if you get to pick the
environment, then you could use an interpreter that you wrote from
scratch and that gives you whatever capabilities you want.[*]

If you don't control the environment of `racket/contract`, then you
might not be able to break in this way. It depends on how the
environment is set up, though. If `racket/contract` is loaded before
your code, then it's too late to change the inspector, but maybe you
can load `ffi/unsafe` and still do whatever you want. Or maybe your
code is prevented from loading `ffi/unsafe` directly due to a
code-inspector change, but some sandbox bug or a bug in a trusted
library lets you get access to unsafe operations anyway.

Chaperones and inspectors provide a set of ground rules for access, and
`the-unsupplied-arg` is unique for a setting that respects those rules.
A program can subvert the rules through outside control or through
environment weaknesses. We've tried to build mechanisms that absolutely
enforce the rules, and it works well enough for some purposes, but
offering real guarantees turns out to be impractical for now.

It seems possible that if a sandbox is working right and if unsafe
operations are truly inaccessible, then maybe currently a chaperone is
enough to guard against even a superior inspector. But that doesn't
seem like a good solution to me. Instead, it makes me think that there
should be an operation that lets a sufficiently powerful inspector pull
apart chaperones.

[*] There's some work on encrypted computation where the environment
    executing some code can't know everything about the code. I'm guess
    that's not where you're trying to go, though.

You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
For more options, visit

Reply via email to