s c h e m a t i c s : c o o k b o o k

/ Cookbook.DynamicUntrustedEval

This Web


WebHome 
WebChanges 
TOC (with recipes)
NewRecipe 
WebTopicList 
WebStatistics 

Other Webs


Chicken
Cookbook
Erlang
Know
Main
Plugins
Sandbox
Scm
TWiki  

Schematics


Schematics Home
Sourceforge Page
SchemeWiki.org
Original Cookbook
RSS

Scheme Links


Schemers.org
Scheme FAQ
R5RS
SRFIs
Scheme Cross Reference
PLT Scheme SISC
Scheme48 SCM
MIT Scheme scsh
JScheme Kawa
Chicken Guile
Bigloo Tiny
Gambit LispMe
GaucheChez
Lambda the Ultimate
TWiki.org

Evaluating untrusted code

Problem

We want to evaluate code outside our control (e.g., deserializing s-expressions in data files).

Solution

Restrict the evaluated code so it has no file or network access: 

(define (safe-eval sxp)
  (parameterize ([current-security-guard
                  (make-security-guard (current-security-guard)
                                       (lambda (procname path access)
                                         (error procname
                                                "No file access"))
                                       (lambda (procname host port conn)
                                         (error procname
                                               "No network access")))])
    (eval sxp)))

Discussion

This is a nice recipe. Are these security guards v300 specific? There is more to say in this recipe: one can prevent 'dangerous' functions from being executed by evaluating the code in a namespace that doesn't include the functions in question. -- NoelWelsh - 09 Dec 2004

Moved this recipe to DynamicChapter. Please help move other related recipes out of IdiomChapter and into DynamicChapter. -- NoelWelsh - 15 Apr 2005

Comments about this recipe

You might also like to try to white-list the allowed functions. I've been using the following code. I don't know if there's some clever way to fool this, but it should allow finer control of the untrusted code. Please post any corrections. 

(eval (cleanse sxp))
(define cleanse (lambda ( sxp)
                  (if (proper-list? sxp)
                      (begin
                        (map (lambda (v) (if (proper-list?  v) (cleanse v))) sxp)
                        (check-allowed-funcs (car sxp))))))
(define check-allowed-funcs (lambda  (f)
                              (case f
                                ((my-define my-apply lambda + - / * whatever) (display (format "~a ok~%" f)))
                                (else (display (format "~a not allowed!~n" f)) (exit)))))
-- Jepri - 21 Nov 2005

Contributors

-- DanielSilva - 09 Dec 2004

CookbookForm
TopicType: Recipe
ParentTopic: DynamicRecipes
TopicOrder: 999

 
 
Current Rev: r1.5 - 21 Nov 2005 - 12:45 GMT - JepriJepri, Revision History:Diffs | r1.5 | > | r1.4 | > | r1.3
Copyright © 2004 by the contributing authors. All material on the Schematics Cookbook web site is the property of the contributing authors.
The copyright for certain compilations of material taken from this website is held by the SchematicsEditorsGroup - see ContributorAgreement & LGPL.
Other than such compilations, this material can be redistributed and/or modified under the terms of the GNU Lesser General Public License (LGPL), version 2.1, as published by the Free Software Foundation.
Ideas, requests, problems regarding Schematics Cookbook? Send feedback. / You are Main.guest