Ah, ok. An inspector prevents a sandbox from getting the namespace of a TR module that was created outside the sandbox (in the same way that it prevents access to `ffi/unsafe` as defined outside the sandbox), but it doesn't prevent access to the namespace of a module defined inside the sandbox.
I don't immediately see the solution. I don't think making `eval` always add `#%top-interaction` would not solve the problem, because `#%top-interaction` could be redefined or gotten around by other reflective operations. At Mon, 18 Jul 2016 16:52:35 -0400, Leif Andersen wrote: > Oh? Then should we disable it by default in Racket Sandboxes? (Since this > could be used on say, pasterack:) > > http://pasterack.org/pastes/16888 > > > ~Leif Andersen > > On Mon, Jul 18, 2016 at 4:34 PM, Matthew Flatt <[email protected]> wrote: > > > FWIW, `module->namespace` is privileged and guarded by an inspector in > > the same way as `(require ffi/unsafe)`. > > > > At Mon, 18 Jul 2016 16:20:18 -0400, Sam Tobin-Hochstadt wrote: > > > This is the same as this bug: > > > > > > http://bugs.racket-lang.org/query/?cmd=view%20audit-trail&database=default&pr=1 > > > 4773 > > > > > > I think that `eval` should automatically wrap things in the > > > `#%top-interaction` of the relevant namespace, which would help in > > > some cases, but in general, yes, the top-level is hopeless. > > > > > > Sam > > > > > > On Mon, Jul 18, 2016 at 4:14 PM, Leif Andersen <[email protected]> > > wrote: > > > > #lang racket > > > > > > > > (require syntax/location) > > > > > > > > (module foo typed/racket > > > > (: f (-> Byte Integer)) > > > > (define (f x) > > > > (+ x 1)) > > > > > > > > (set! f (λ ([x : Byte]) > > > > (+ x 2))) > > > > (f 3)) > > > > > > > > (require 'foo) > > > > ((eval 'f (module->namespace (quote-module-path foo))) "world") > > > > > > > > > > > > You're welcome. (Also came up with Alex and Milo) > > > > > > > > Does the top level make Typed Racket hopeless? > > > > > > > > ~Leif Andersen > > > > > > > > -- > > > > You received this message because you are subscribed to the Google > > Groups > > > > "Racket Users" group. > > > > To unsubscribe from this group and stop receiving emails from it, send > > an > > > > email to [email protected]. > > > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Racket Users" group. > > > To unsubscribe from this group and stop receiving emails from it, send an > > > email to [email protected]. > > > For more options, visit https://groups.google.com/d/optout. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Racket Users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
