I have a GUI app http://www.lightandmatter.com/ogr/ogr.html in which I've just implemented a very rudimentary extension mechanism using Guile. I'm not an experienced lisp programmer at all. This has been my first use of lisp beyond "hello, world."
The purpose of my extension is to let users run their own arbitrary code in certain situations. However, this means that someone could in principle create a Trojan horse attack in which they embed some malicious Guile code in a document and send it to someone else and try to get them to open the document. I see that Guile 2.2.1 has a sandboxing mechanism: https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluatio n.html However, this seems entirely focused on preventing excessive use of resources. Is there any way to have Guile run in a sandbox similar to the javascript or java applet sandbox, where it doesn't have access to the file system and so on? E.g., could I delete certain parts of the libraries before handing control over to the user-supplied code, or can the interpreter be started up without some of the standard libraries? I'm currently running Guile by starting up an interpreter through a shell for each evaluation of the user's function: https://github.com/bcrowell/opengrade/blob/master/Extension.pm Thanks in advance for any suggestions! Ben Crowell