What about implementing a fake filesystem instead of allowing s7 to access the real one? In this way it will be effectively sandboxed. This is the approach used by emscripten to have ports work in webasm.
Max > On 3 Feb 2023, at 13:43, David St-Hilaire <sthilaire.da...@gmail.com> wrote: > > I think it's mostly writing to files that is dangerous but disabling reading > would be important too, if not only for forbidding "breaking" the fantasy > console barriers. I looked at doing some changes but I was really not sure > how to do it properly. If you would be generous enough to do the needed > changes, it would be really amazing! > > Thank you so much for your help! > > On Fri, Feb 3, 2023 at 8:32 AM <b...@ccrma.stanford.edu > <mailto:b...@ccrma.stanford.edu>> wrote: >> Do you need to disallow reading a file? If it's just >> creating or altering a file that needs to be blocked, >> you could redirect fopen and fwrite (in s7.c) to >> functions that raise an error. I don't think s7 uses >> creat, open (except with O_RDONLY), or write. Also >> build it with WITH_C_LOADER=0 (to disallow dynamic >> loading of C object code), and maybe WITH_SYSTEM_EXTRAS=0. >> Hmmm... as I type this, this seems interesting -- >> maybe I'll tackle it later today. It might be >> equally easy to disallow reading a file -- fread etc. >> Oh, and for fopen, check the mode doesn't have "w" or "x" >> or whatever else might change a file. I'm probably >> forgetting something obvious. >> >> (There's also the sandbox procedure in stuff.scm, but >> it's been years since I looked at it). >> >> > > > -- > David > _______________________________________________ > Cmdist mailing list > Cmdist@ccrma.stanford.edu <mailto:Cmdist@ccrma.stanford.edu> > https://cm-mail.stanford.edu/mailman/listinfo/cmdist
_______________________________________________ Cmdist mailing list Cmdist@ccrma.stanford.edu https://cm-mail.stanford.edu/mailman/listinfo/cmdist
