This is the mail archive of the guile@sourceware.cygnus.com mailing list for the Guile project.



RE: Safe Guile?


The suggestions that Marius makes would probably be a good way if that
approach was available to me, but the server is a single process, where
anyone can log in as long as they create a character in the game. Those who
(will) have access to work with scheme are raised to 'builder' status, where
they have the proper permissions to be able to extend the game world by
creating new areas to play in, complete with monsters, treasures, etc etc,
and it is these created monsters that I would like to be able to control
using scheme. Obviously, we _could_ make sure to check each form before it
is allowed to execute, but this would severely hinder the builders'
possibility to test what they work on, since those of us who are trusted
enough to do the checking are very few.

Basically, the premises are:
	1. The forms may access anything that only changes program flow or
modifies data.
	2. Also, most procedures _we_ have created should be available.
	3. Preferably, only data that the form itself defines should be
modifiable.

In the worst case, a scenario where only 1. is fulfilled, and the form can
access any procedures we have defined ourselves, will work. It would still
be better than the extremely primitive kind of scripting we use now.

For the second point here, I could imagine that creating a 'security system'
of our own would work, as we can have security checks in all our own
procedures. However, to me there still seems to be a problem in that as far
as I know, no procedure is hindered from accessing data external to that
procedure. Thus, it could potentially change its own permissions. 
It needs to be said that I'm a complete beginner when it comes to scheme
though.

/Johan

> -----Original Message-----
> From:	thi [SMTP:ttn@mingle.glug.org]
> Sent:	Tuesday, November 09, 1999 10:00 PM
> To:	knotwell@f5.com
> Cc:	guile@sourceware.cygnus.com
> Subject:	Safe Guile?
> 
> knotwell writes:
> 
>  > I think you could use the undefine macro to accomplish what you need.
>  > Perhaps others on the list could say whether it's a good idea or
>  > not. . .
> 
> please see
> 
>   http://sourceware.cygnus.com/ml/guile/1998-09/msg00179.html
> 
> where marius vollmer disabuses me of an improper implementation and
> tells of the preferred way to get a safe environment.
> 
> cheers,
> thi
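
The premises listed in the message above map onto the (ice-9 sandbox) module in current Guile releases, which postdates this thread. The following is an added example, not code from the thread or from the Guile project; permissions, monster-say, make-builder-module and run-builder-form are hypothetical names, and the sample forms are constructed.

```scheme
(use-modules (ice-9 sandbox))

;; Hypothetical server state. It is bound only in the host module,
;; never in the module that builder forms are evaluated in.
(define permissions (make-hash-table))
(hashq-set! permissions 'builder-script 'builder)

;; Hypothetical game procedure exposed to builders (premise 2).
;; It closes over `permissions`, so it can check them while the
;; calling form has no name by which to reach the table.
(define (monster-say text)
  (if (eq? (hashq-ref permissions 'builder-script) 'builder)
      (string-append "The goblin says: " text)
      (error "permission denied")))

;; Fresh module per form: control flow and pure data operations
;; (premise 1) plus the procedures we choose to export.
(define (make-builder-module)
  (let ((mod (make-sandbox-module all-pure-bindings)))
    (module-define! mod 'monster-say monster-say)
    mod))

;; Evaluate an untrusted form. Any error, including an unbound
;; variable or an exceeded time/allocation limit, becomes a value
;; instead of taking down the single server process.
(define (run-builder-form form)
  (catch #t
    (lambda ()
      (eval-in-sandbox form
                       #:module (make-builder-module)
                       #:time-limit 0.1
                       #:allocation-limit #e10e6))
    (lambda (key . args)
      (list 'rejected key))))

;; Constructed sample forms.
(for-each
 (lambda (form)
   (write form) (display " => ")
   (write (run-builder-form form)) (newline))
 '((monster-say (string-append "hello, " "traveller")) ; allowed
   (hashq-set! permissions 'builder-script 'admin)     ; no such binding
   (getenv "HOME")                                     ; no such binding
   (let loop () (loop))))                              ; time limit
```

all-pure-bindings is stricter than premise 3 because it leaves out the mutating procedures; all-pure-and-impure-bindings adds them back, still without any name that reaches host data.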
