This is the mail archive of the guile@cygnus.com mailing list for the guile project.



Re: Guile in a closed environment


> From: Maciej Stachowiak <mstachow@alum.mit.edu>

> Mark E. Roland wrote:
> > 
> > the server has to be able to evaluate
> > the function in a closed environment; in particular, with no
> > access to system calls.  Does it make sense to use Guile for this?
> 
> Guile does not currently support a "safe" evaluation environment.
> However, the Guile module system should be powerful enough to set
> one up. I would encourage you to do this work and contribute it
> to Guile rather than writing yet another embeddable lisp interpreter.

It seems like too difficult an assignment to ask a newcomer to
write the new Guile module system (code named Godot, guess why).
Would it not suffice to go through the source and remove
the places where the initialization code gives Scheme names
to procedures that mess with files?

Actually, I suppose that means changing snarf.h to add
SCM_PROC_TOUCHES_SYSTEM (ordinarily same as SCM_PROC),
using that throughout where needed, patching the Scheme
code that is loaded at boot, ...  Could be work, but it
has to be easier than producing Godot, or starting from
scratch.  Still could be generally useful; even if the new
module system works perfectly, somebody has to go
through and decide which procs are safe and which not.

Or do safety checks have to be at run-time?  Never mind.

-- 
     --Keith

This mail message sent by GNU emacs and Linux.
Food, Shelter, Source code.
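The approach discussed in this thread (give the evaluator only the procedures that cannot touch the system, and leave the file and process procedures unbound) is what later Guile releases packaged as the `(ice-9 sandbox)` module. The following is an added example, not code from the thread or from Guile's own sources; it assumes Guile 2.2 or later, which postdates this discussion, and the expressions in `samples` are constructed inputs standing in for what a server might receive from a client.

```scheme
;; Added example (not from the original message).  Assumes Guile >= 2.2,
;; where (ice-9 sandbox) provides eval-in-sandbox and all-pure-bindings.
(use-modules (ice-9 sandbox))

;; Whitelist of bindings visible to client code: arithmetic, lists, strings
;; and similar pure procedures.  open-file, system, delete-file and the rest
;; of the system-touching procedures are simply not bound in the sandbox,
;; which is the "remove the names at init time" idea from the thread.
(define safe-bindings all-pure-bindings)

;; Evaluate EXPR with only SAFE-BINDINGS visible, plus a CPU-time limit and an
;; allocation limit so a looping or memory-hungry expression cannot hold the
;; server hostage.  Returns (ok . result) or (error key . args).
(define (eval-restricted expr)
  (catch #t
    (lambda ()
      (cons 'ok
            (eval-in-sandbox expr
                             #:bindings safe-bindings
                             #:time-limit 0.5                   ; seconds of CPU
                             #:allocation-limit (* 10 1024 1024)))) ; bytes
    (lambda (key . args)
      (cons 'error (cons key args)))))

;; Constructed sample inputs.  The first two should succeed; the file and
;; process calls fail as unbound variables; the loop hits the time limit.
(define samples
  '((+ 1 2)
    (map (lambda (x) (* x x)) '(1 2 3))
    (open-input-file "/etc/passwd")
    (system "id")
    (let loop () (loop))))

(for-each
 (lambda (expr)
   (let ((outcome (eval-restricted expr)))
     (format #t "~s => ~a ~s~%" expr (car outcome) (cdr outcome))))
 samples)
```

Run it with `guile sandbox-example.scm`. The key design point, which the thread's author also arrives at, is that the safety decision is made once when the environment is built (which names to bind) rather than by checking each call at run time; the time and allocation limits cover the denial-of-service cases that a pure whitelist alone does not.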