This is the mail archive of the guile@cygnus.com mailing list for the guile project.
Date: Fri, 19 Dec 1997 12:36:00 +0100
From: Sascha Ziemann <szi@aibon.ping.de>
X-Mailer: Mozilla 4.04 [en] (X11; I; Linux 2.0.30 i586)
Mime-Version: 1.0
Cc: "Bradley M. Kuhn" <bkuhn@ebb.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-guile@cygnus.com
Precedence: bulk

Some time ago there was a discussion about a dynamic language feature,
by which it is possible to split Scheme itself into different parts and
allow only a subset of the full language for a special purpose. This is
necessary for Guile-based server applications that allow the user
to send functions to the server to evaluate them (for example range
check functions). Such a server is not able to check whether the
function really performs a range check or perhaps a system("rm -rf /").
So it is necessary to be able to allow some things and disallow others. A
simple approach could work on module level, but I think it would also be
useful to be able to disallow even parts of the language (defines for
example).

SLIB now can generate HTML-forms and service CGI's from relational
databases. I need to create some protection before actually putting
CGI scripts online.

The only relevant construct I have been able to find is
"toothless.scm" from the SCSH package "net.tar.gz". Toothless
disables EVAL, LOAD, and all file-I/O.

Can you give examples of situations requiring some, but not all,
protections?
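
The "allow some things and disallow others" idea from the message, modelled in Python as an added example: a server-side evaluator for submitted range checks that permits only an allowlisted subset of operators and refuses everything else, including `define`, `eval` and `system`. It is not code from this thread, Guile, SLIB or toothless.scm; the operator set, the variable name `x` and the length limit are assumptions.

```python
import operator

# Allowlist (constructed for this example): any other symbol is refused.
ALLOWED = {
    "and": lambda *a: all(a), "or": lambda *a: any(a), "not": operator.not_,
    "<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge,
    "=": operator.eq, "+": operator.add, "-": operator.sub, "*": operator.mul,
}
MAX_LEN = 200  # assumed limit; bounds nesting depth and work per request

class Rejected(Exception): """The expression leaves the permitted subset."""

def parse(text):
    """Read one s-expression into nested lists of ints and symbol strings."""
    if len(text) > MAX_LEN:
        raise Rejected("expression too long")
    tokens = text.replace("(", " ( ").replace(")", " ) ").split()
    def read(pos):
        if pos >= len(tokens) or tokens[pos] == ")":
            raise Rejected("malformed expression")
        tok = tokens[pos]
        if tok != "(":
            return (int(tok) if tok.isascii() and tok.isdigit() else tok), pos + 1
        items, pos = [], pos + 1
        while pos < len(tokens) and tokens[pos] != ")":
            item, pos = read(pos)
            items.append(item)
        if pos >= len(tokens):
            raise Rejected("missing )")
        return items, pos + 1
    expr, end = read(0)
    if end != len(tokens):
        raise Rejected("trailing input")
    return expr

def evaluate(expr, x):
    """Evaluate a parsed check against x; the head symbol is vetted before any argument."""
    if isinstance(expr, int) or expr == "x":
        return x if expr == "x" else expr
    head = expr[0] if isinstance(expr, list) and expr else None
    if not isinstance(head, str) or head not in ALLOWED:
        raise Rejected(f"not permitted: {expr!r}")
    try:
        return ALLOWED[head](*[evaluate(arg, x) for arg in expr[1:]])
    except TypeError:
        raise Rejected(f"wrong number of arguments for {head}") from None

def check(source, x):  # server entry point: True/False, or Rejected
    return bool(evaluate(parse(source), x))
```

Because the evaluator has no binding for anything outside `ALLOWED`, a new primitive is unavailable until someone adds it deliberately, which is the opposite default from disabling a list of known-dangerous procedures.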