Hi!

2014-03-23 19:07 GMT+01:00 Grant Rettke <[email protected]>:
> On Sat, Nov 30, 2013 at 2:26 PM, Panicz Maciej Godek
> <[email protected]> wrote:
>> And hence my question: is there any way to restrict
>> the execution environment of eval, e.g. to specify
>> which symbols should be available? (For security
>> reasons, I wouldn't want functions like "system"
>> or "exit" to be present in that environment)
>>
>> Or perhaps there's some better way to do that?
>
> How did you end up achieving your goal?
Oh, with Guile it turned out to be a piece of cake ;] It's thanks to first-class modules and the fact that a module can be provided as the second argument to eval. Guile actually has e.g. (ice-9 safe-r5rs), which exports a safe subset of Scheme, and (ice-9 null), which provides the most basic syntactic bindings and no functions whatsoever. So it is possible either to create a module at runtime using make-fresh-user-module and add all the necessary bindings, or to have some regular module prepared and obtain it using resolve-module.

This is more or less how I did it, but I have to admit that I did neglect the security issues and designed the system to work rather than to make it hacker-proof.

The bad news is that the module API isn't officially documented and one needs to read the boot-9.scm file to figure out how it works (the code is a good read, though).

HTH
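The two routes described in the reply above, as an added example that is not part of the original message and not code from the Guile project: one sandbox built on the ready-made (ice-9 safe-r5rs) subset via make-safe-module from (ice-9 safe), and one built by hand on (ice-9 null) with only a handful of procedures added. It assumes a Guile 2.x installation where (ice-9 safe) is available; the list of procedures exposed in the hand-built module and the sample expressions are constructed for illustration.

```scheme
;; Added example (not from the original message or from Guile itself):
;; two ways to hand eval a restricted module, so that bindings such as
;; `system' and `exit' are simply absent from what untrusted code can see.

(use-modules (ice-9 safe))   ; provides make-safe-module and safe-environment

;; 1. The ready-made safe subset: a module whose only import is the public
;;    interface of (ice-9 safe-r5rs).  It carries the R5RS procedures and
;;    the core syntax re-exported from (ice-9 null), but no I/O procedures,
;;    no `system', no `exit'.
(define (make-r5rs-sandbox)
  (make-safe-module))

;; 2. A hand-built module: start from (ice-9 null), which exports only the
;;    core syntactic forms, then add exactly the procedures to expose.
;;    The allowed set below is a constructed example, not a recommendation.
(define (make-minimal-sandbox)
  (let ((m (make-module 31 (list (resolve-interface '(ice-9 null))))))
    (module-define! m '+ +)
    (module-define! m '* *)
    (module-define! m 'string-length string-length)
    m))

;; Evaluate EXPR inside SANDBOX.  A reference to a name that is not bound
;; in the sandbox raises `unbound-variable'; that is mapped to the symbol
;; `rejected' so a caller can distinguish a refused expression from a value.
(define (eval-in-sandbox expr sandbox)
  (catch 'unbound-variable
    (lambda () (eval expr sandbox))
    (lambda (key . args) 'rejected)))

;; Usage: arithmetic and user definitions evaluate normally; anything that
;; names a host-access procedure comes back as `rejected'.
(define r5rs (make-r5rs-sandbox))
(display (eval-in-sandbox '(let ((x 20)) (+ x 22)) r5rs))
(newline)
(display (eval-in-sandbox '(begin (define (sq x) (* x x)) (sq 7)) r5rs))
(newline)
(display (eval-in-sandbox '(system "id") r5rs))
(newline)
(display (eval-in-sandbox '(exit 0) r5rs))
(newline)

(define minimal (make-minimal-sandbox))
(display (eval-in-sandbox '(+ (string-length "guile") 1) minimal))
(newline)
(display (eval-in-sandbox '(open-input-file "/etc/passwd") minimal))
(newline)
```

Note that restricting the module only controls which names the evaluated code can reach; neither sandbox bounds CPU time or allocation, so a looping or memory-hungry expression still affects the host process. Guile 2.2 and later ship (ice-9 sandbox) with eval-in-sandbox, which adds time and allocation limits on top of a restricted binding set.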
