[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Texmacs-dev] Safe modules for TeXmacs

From: Giovanni Piredda
Subject: [Texmacs-dev] Safe modules for TeXmacs
Date: Sat, 9 May 2020 20:55:38 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0

This is a bit long, please be patient :-), I hope it is useful.

A few weeks ago Massimiliano suggested me to look into how to limit which commands can be executed in a piece of otherwise arbitrary Guile code (http://lists.texmacs.org/wws/arc/texmacs-users/2020-03/msg00146.html and following). This would help make safer some Scheme programs for TeXmacs.

In that discussion we were referring to a code which serves to send to TeXmacs a graphics expression. Since I want that the graphics expression be arbitrary, then the code calls "load" onto a user-specified file which "should" contain graphics commands.

I have looked into the filtering of commands and found a way to do it, starting from https://www.mail-archive.com/address@hidden/msg00963.html (found with a Google search). I write here about it to get if possible some suggestions; not everything works and I have to think about it quite a while longer to make something sensible. The questions are after the description.

There is another way based on (make-root-module) (I found the code for it in a past version of Guile) but one thing at a time. I am using Guile 2.2.3.

--- Description

make-module defines a module without bindings, one has to add them.

I tested:

(define (make-pure-math-module)
               (let ((m (make-module)))
               (module-define! m '* *)
               (module-define! m 'load load)

following up with a call

(eval '(load "testEvalLoad.scm") (make-pure-math-module))

where testEvalLoad.scm contains

(* 2 2)

or it contains

(+ 2 2)

The loading of the file with the first command succeeds, with the second fails: so far, so good.

Now the

--- Questions:


I cannot add either define or set! to the bindings:

(define (make-pure-math-module)
               (let ((m (make-module)))
               (module-define! m '* *)
               (module-define! m 'load load)
           (module-define! m 'define define)

fails with

Syntax error:
unknown location: unexpected syntax in form define

How to circumvent this? Having define available would help.


Maybe incompatible with 1)

The language that comes out of the filtering should not be too "strong": I do not want that it is able to redefine "forbidden" functions using "allowed" ones. Any ideas? Perhaps I should keep "define" out of it?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]