This is the mail archive of the guile@cygnus.com mailing list for the guile project.



Disabling I/O functionality


On Sun, Apr 12, 1998 at 06:30:23PM +0200, Mikael Djurfeldt wrote:
> (Please send bug-reports to bug-guile@gnu.org.)

Ah, oops, sorry. Well, not that there'd be overwhelming traffic here
anyway..

Vaguely relating to the previous, I'm doing a server thingy that uses the
guile evaluator for processing incoming messages. That is, the client sends
expressions, and the server reads and evals them. The problem is that I
definitely want to restrict the procedures that the client can invoke, for
security reasons. That is, there should only be r4rs without any sort of i/o
available, or any other system calls, for that matter.

What is the best way to do this? After some inspection, it seems that
defining a new module and then adding by hand all the r4rs bindings (and
some custom ones) into it would work. And then just basically

(write (eval-in-module (read sockport) my-module) sockport)

Is explicitly listing each variable I want to be exported to this new module
environment really the only option? Or, to put it another way, is there no
other way of disabling guile's system call bindings? If there isn't, this
seems like a bit of a deficiency to anyone wishing to use guile simply as an
interpreter extension that works securely. Maybe somehow cram the internal
procedures under the module system too, or something..?


Regards,

Lauri Alanko
la@iki.fi
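
The allowlisted-module approach asked about above, as an added example that is not part of the original message or the Guile project's own code. It assumes a Guile release that ships the `(ice-9 sandbox)` module (2.2 series or later); `eval-client-message` and the sample messages are hypothetical and constructed for illustration.

```scheme
;; Added example; assumes Guile 2.2 or later, which provides (ice-9 sandbox).
(use-modules (ice-9 sandbox))

;; Allowlist: only side-effect-free bindings (arithmetic, lists, strings,
;; core syntax). No file, socket or process procedure is part of this set.
(define allowed-bindings all-pure-bindings)

;; Hypothetical helper: read ONE datum from the client's text and evaluate
;; it in a fresh module that contains nothing but the allowlisted bindings.
;; Returns (ok <value>) on success or (rejected <error-key>) on any failure,
;; so the server always has something safe to write back to the socket.
(define (eval-client-message text)
  (catch #t
    (lambda ()
      (let ((expr (call-with-input-string text read)))
        (list 'ok
              (eval-in-sandbox expr
                               #:time-limit 0.5          ; seconds
                               #:allocation-limit #e10e6 ; bytes
                               #:bindings allowed-bindings))))
    (lambda (key . args)
      (list 'rejected key))))

;; Constructed sample messages: one legitimate request, two that name
;; bindings outside the allowlist, and one that never terminates.
(for-each
 (lambda (msg)
   (write (eval-client-message msg))
   (newline))
 '("(map (lambda (x) (* x x)) '(1 2 3))"
   "(open-output-file \"constructed.txt\")"
   "(system \"true\")"
   "(let loop () (loop))"))
```

The time and allocation limits are there because an allowlist of bindings alone does not stop a client from looping forever or exhausting memory.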