On 2015-11-21 22:39, Pascal J. Bourguignon wrote:
> Matthew Keeter <matt.j.kee...@gmail.com> writes:
>> I’m currently embedding Python in a C / C++ application that evaluates
>> user-provided scripts.
>>
>> Obviously, this is terribly unsafe: user-provided scripts can execute
>> arbitrary malicious actions, and there’s no good way to sandbox Python
>> in a desktop context.
>>
>> If I were to replace Python with Guile, is there a way to sandbox it so
>> that arbitrary (perhaps malicious) user-provided scripts can be run safely?
>
> So you need to implement a language that won't provide any unwanted
> OS/platform API and that won't provide any way to generate code accessing
> any unwanted feature, and that still allows users to write useful programs,
> while making no mistake; and since it will run on an unsafe platform, how
> will you ensure that a program written in your language will never be able
> to have any nefarious side effects?

If you want to go that route I recommend you have a look at GNU epsilon
[1][2], which is basically a framework for building languages. It's still alpha.

HTH

[1] https://www.gnu.org/software/epsilon/
[2] http://lists.gnu.org/archive/html/epsilon-devel/