Does variable-reference->module-source use current-directory? If so, that'd explain this. (And either it would have to change or the handin-server/sandbox would have to.)
Robby On Sat, Jan 14, 2012 at 4:28 PM, Eli Barzilay <[email protected]> wrote: > 40 minutes ago, Robby Findler wrote: >> While we wait for Eli to either fix the bug or to track this down to >> some other part of the system, > > It's not a handin server or a sandbox bug -- it's a problem of some > code that tries to get `exists' access to some directories, which is > usually harmless since the default security guard allows anything. I > can allow these directories by default through the sandbox if someone > tells me which directories should be allowed. (I also don't know what > code causes it.) > > >> applying this diff makes the problem go away for me. >> [remove contract] > > This indicates that something in the contract wrapper does the > access. My guess is that some path manipulation function is used > which checks the current directory. If this is the case, and it's > always the current directory, then I think that the right solution is > to avoid it. (I don't know if there are any security implications to > allow exists access to the current directory, so I prefer to not open > it up.) > > -- > ((lambda (x) (x x)) (lambda (x) (x x))) Eli Barzilay: > http://barzilay.org/ Maze is Life! ____________________ Racket Users list: http://lists.racket-lang.org/users
