> On Sep 10, 2018, at 10:09 AM, Christopher Lemmer Webber 
> <cweb...@dustycloud.org> wrote:
> 
> Jack Firth writes:
> 
>> If I make a symbol with `gensym` (or do anything else that creates a new
>> value that's not `eq?` to any other value) in some module, what are the
>> absolute upper limits on my ability to use that symbol within the module
>> without allowing any other modules to get ahold of the symbol? What do code
>> inspectors, namespaces, sandboxes, eval, `unsafe` APIs, the FFI, etc. make
>> possible for malicious code in external modules?
>> 
>> Context: I'm exploring a "contract witness" idea whose implementation
>> currently relies on the eq?-ness of opaque struct instances for security.
>> But I vaguely recall hearing once that The Only Way To Be Sure when it
>> comes to struct encapsulation is to put the definition of a struct inside a
>> lambda, otherwise some sort of nebulous "bad things" are possible in
>> external code that wants to break the invariants of a struct type.
> 
> Struct inside a function is certainly a way to do it.  You may be
> interested in the idea of sealer/unsealer pairs from the object
> capability world.  I borrowed the implementation of this from Jonathan
> Rees' W7 code.  Consider this waived into the public domain, under CC0,
> but also with any potential patents waived under the same terms.
> 

Does this really differ from Jim Morris’s sealing? 
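
The sealer/unsealer idea mentioned in the quoted reply, as an added Racket example that is not part of this thread and is not the W7 code it refers to. The names `make-sealer-unsealer` and `sealed` are hypothetical; the sketch relies on a `struct` form in a function body creating a fresh opaque struct type on each call.

```racket
#lang racket/base
;; Added illustration: a sealer/unsealer pair backed by a struct type that
;; is created inside a function. All names here are hypothetical.

;; Returns three procedures: seal, unseal, and a predicate for sealed values.
(define (make-sealer-unsealer)
  ;; A `struct` form in a function body runs on every call, so each pair
  ;; gets its own struct type. The constructor, accessor and predicate are
  ;; local bindings that are handed out only through the closures below.
  ;; Assumption: untrusted code does not control an inspector more powerful
  ;; than the one current when this type is created, and cannot use unsafe
  ;; operations.
  (struct sealed (contents))
  (define (seal v) (sealed v))
  (define (unseal s)
    ;; Reject anything that was not produced by this pair's sealer.
    (unless (sealed? s)
      (raise-argument-error 'unseal "value from the matching sealer" s))
    (sealed-contents s))
  (values seal unseal sealed?))

(module+ main
  (define-values (seal-a unseal-a sealed-a?) (make-sealer-unsealer))
  (define-values (seal-b unseal-b sealed-b?) (make-sealer-unsealer))

  (define token (seal-a 'contract-witness))

  ;; The matching unsealer recovers the payload.
  (printf "unseal-a: ~s\n" (unseal-a token))

  ;; A second pair has a distinct struct type, so its predicate and
  ;; unsealer do not recognise tokens from the first pair.
  (printf "sealed-b? on A's token: ~s\n" (sealed-b? token))
  (printf "unseal-b on A's token: ~s\n"
          (with-handlers ([exn:fail:contract? (lambda (e) 'rejected)])
            (unseal-b token)))

  ;; The struct is opaque (no #:transparent), so printing the token does
  ;; not show its contents.
  (printf "printed token: ~s\n" token))
```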

