Re: restricting functionality
From: Rob Browning
Subject: Re: restricting functionality
Date: 20 Aug 2001 15:22:51 -0500
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
Klaus Schilling <address@hidden> writes:
> Is it hard to build an embedded guile-based scheme script
> interpreter with restricted functionality? For security issues the
> naokos gamedriver should only interpret scheme extensions that don't
> access system resources directly in a way different from that allowed by
> the C-written core. Thus file access, system calls, networking,
> dynamic linking, debugging and the like need to be disabled. Also,
> is there a way to set a timeout for eval-type functions, in order to
> prevent resource hogs from insecure origin?
With the upcoming guile 1.6 (which should be released in the next week
or two), you may be able to do what you want. It supports safe
environments, and so you can create an environment that shouldn't have
access to unsafe functions. Then you can insert your own functions
into that environment and evaluate forms there whenever you like. See
examples/safe/ in the current CVS source tree for examples.
Hope this helps.
--
Rob Browning
rlb @defaultvalue.org, @linuxdevel.com, and @debian.org
Previously @cs.utexas.edu
GPG=1C58 8B2C FB5E 3F64 EA5C 64AE 78FE E5FE F0CB A0AD
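The approach Rob describes, as an added example that is not part of the original thread or of Guile itself: a sandboxed evaluator built on (ice-9 safe), with one host-provided hook (the hypothetical game-log) inserted into the safe module and a SIGALRM-based time limit around each eval. It assumes Guile 1.6 or later on a POSIX system where the alarm handler is run in the evaluating thread so the throw unwinds the script.

```scheme
;; Added example (not from the original post): sandboxed evaluation
;; with Guile's (ice-9 safe), plus a wall-clock limit via SIGALRM.
(use-modules (ice-9 safe))

;; A fresh module whose only imports are the safe R5RS subset: no
;; file, system, network, dynamic-linking or debugging bindings.
(define sandbox (make-safe-module))

;; Expose exactly the primitives the C-written core wants scripts to
;; call.  game-log is a hypothetical placeholder for a game hook.
(define (game-log msg)
  (format #t "script says: ~a~%" msg)
  #t)
(module-define! sandbox 'game-log game-log)

;; Evaluate FORM inside SANDBOX with at most SECONDS of wall-clock time.
;; Returns (ok VALUE), (error KEY ARGS) or (timeout), never raising.
(define (safe-eval form seconds)
  (let ((old-action #f))
    (dynamic-wind
      (lambda ()
        ;; sigaction returns the previous (handler . flags) pair
        (set! old-action
              (sigaction SIGALRM (lambda (sig) (throw 'sandbox-timeout))))
        (alarm seconds))
      (lambda ()
        (catch #t
          (lambda () (list 'ok (eval form sandbox)))
          (lambda (key . args)
            (if (eq? key 'sandbox-timeout)
                '(timeout)
                (list 'error key args)))))
      (lambda ()
        ;; always cancel the alarm and restore the old disposition
        (alarm 0)
        (sigaction SIGALRM (car old-action) (cdr old-action))))))

;; Allowed: only the inserted hook and pure R5RS arithmetic are visible.
(display (safe-eval '(game-log (+ 1 2)) 2)) (newline)
;; Blocked: open-input-file is simply unbound in the safe module, so
;; the script fails with (error unbound-variable ...) instead of reading.
(display (safe-eval '(open-input-file "/etc/passwd") 2)) (newline)
;; Hog: an endless loop is cut off by the alarm and reported as (timeout).
(display (safe-eval '(let loop () (loop)) 1)) (newline)
```

The safe module only controls which bindings a script can see, and the alarm bounds time, not memory, so the host still needs OS-level limits (for example setrlimit on the process) for a complete resource policy.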