I have a GUI app
http://www.lightandmatter.com/ogr/ogr.html
in which I've just implemented a very rudimentary extension mechanism
using Guile. I'm not an experienced lisp programmer at all. This has
been
my first use of lisp beyond "hello, world."
The purpose of my extension is to let users run their own arbitrary
code
in certain situations. However, this means that someone could in
principle
create a Trojan horse attack in which they embed some malicious Guile
code in a document and send it to someone else and try to get them to
open the document.
I see that Guile 2.2.1 has a sandboxing mechanism:
https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluatio
n.html
However, this seems entirely focused on preventing excessive use of
resources. Is there any way to have Guile run in a sandbox similar to
the javascript or java applet sandbox, where it doesn't have access to
the file system and so on? E.g., could I delete certain parts of the
libraries
before handing control over to the user-supplied code, or can the
interpreter
be started up without some of the standard libraries?
I'm currently running Guile by starting up an interpreter through a
shell
for each evaluation of the user's function:
https://github.com/bcrowell/opengrade/blob/master/Extension.pm
Thanks in advance for any suggestions!
Ben Crowell
