This is the mail archive of the guile@cygnus.com mailing list for the guile project.



Re: Another use for Guile/Scheme/Lisp


Marius Vollmer writes:

 > ttn@netcom.com writes:
 >
 > > one way: [code deleted]
 > 
 > This is not at all safe.  In fact, it is pretty naive.

you're right: (a) a form could have an embedded procedure that is
unsafe; (b) aliases for unsafe procedures are easy to create; (c) the
code as presented does not address authentication.  i'm sure there are
other reasons.

i'm going to now guess that a "safe" eval must necessarily be
implemented as a primitive.  still, i don't really believe it and
continue to wonder if there is any way one could create `safe-eval'
from just Scheme?

 > > another way is to create a local environment via module system, etc.
 > 
 > I don't think that the Java way of enforcing security is the right
 > way.  The traditional way of providing security is by giving processes
 > some `user identity' and then deciding at the lowest level of the OS
 > whether that process is allowed to do something or not.  These
 > mechanisms should be used by all security related things on the
 > system.
 > 
 > When some remote server wants to execute some code on your system,
 > that server has to log in just like any other user.

authentication is another safety measure, it's true.  using traditional
approaches makes sense, too.  for the purposes of this discussion,
however, i'm assuming that that layer can be handled independently.

thi
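The two approaches argued over above, written out as an added example (this is not code from the thread, and the deleted `[code deleted]` form is not reconstructed here). It assumes Guile 2.2 or later, whose `(ice-9 sandbox)` module is the "local environment via module system" idea made concrete; `form-ok?`, `naive-safe-eval` and `sandbox-eval` are names chosen for this illustration. The first half shows point (a) from the reply, an embedded procedure object slipping past a symbol walker; the second half evaluates in a module that simply has no binding for anything dangerous, plus the caveat that an environment still cannot protect against a form built as a data structure.

```scheme
;; Added example, not from the original thread.  Requires Guile >= 2.2 for
;; (ice-9 sandbox).  Helper names are chosen for this illustration only.
(use-modules (ice-9 sandbox))

;;; 1. The naive way: walk the form and whitelist the symbols it contains,
;;;    then hand it to the ordinary evaluator.

(define allowed '(+ - * / list car cdr cons quote if let lambda))

(define (form-ok? form)
  (cond ((symbol? form) (and (memq form allowed) #t))
        ((pair? form)   (and (form-ok? (car form)) (form-ok? (cdr form))))
        (else #t)))   ; numbers, strings, '() ... and any other object at all

(define (naive-safe-eval form)
  (if (form-ok? form)
      (eval form (interaction-environment))
      (error "rejected form:" form)))

;; Behaves as intended on forms that arrived as text via `read':
(naive-safe-eval '(+ 1 2))                       ; => 3
(catch #t
  (lambda () (naive-safe-eval '(system "id")))   ; `system' is not allowed
  (lambda args (display "rejected by name\n")))

;; Point (a): the walker checks *names*.  A form that arrives as a data
;; structure rather than as text can carry the procedure object itself,
;; which is neither a symbol nor a pair, so the walk accepts it and the
;; evaluator happily calls it.  `getpid' stands in for something worse.
(define sneaky (list getpid))                    ; (#<procedure getpid>)
(form-ok? sneaky)                                ; => #t
(naive-safe-eval sneaky)                         ; calls getpid

;;; 2. The module-system way: evaluate in a module whose only bindings are
;;;    a curated pure set, with CPU and allocation limits on top.

(define sandbox (make-sandbox-module all-pure-bindings))

(define (sandbox-eval form)
  (catch #t
    (lambda ()
      (eval-in-sandbox form
                       #:module sandbox
                       #:sever-module? #f        ; keep the module reusable
                       #:time-limit 0.1          ; seconds of CPU time
                       #:allocation-limit 1000000))   ; bytes
    (lambda (key . args)
      (list 'rejected key args))))

(sandbox-eval '(+ 1 2))                  ; => 3
(sandbox-eval '(system "id"))            ; => (rejected ...) unbound variable
(sandbox-eval '(let lp () (lp)))         ; => (rejected ...) time limit hit

;; Caveat: the sandbox only controls what *names* resolve to.  The
;; embedded-procedure form from (a) is still called inside it, so untrusted
;; forms must enter as plain data produced by `read', never as structures
;; assembled by code you do not trust.
(sandbox-eval (call-with-input-string "(system \"id\")" read))  ; rejected
(sandbox-eval sneaky)                    ; still calls getpid
```

The reusable-module setting (`#:sever-module? #f`) is only appropriate when every caller is equally untrusted; with the default, each call gets a module that is cut off from its parent afterwards, which is the safer choice for one-off evaluation.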