[Chicken-users] Packaging libraries securely

[Tony Sidaway]

This is basic stuff. I think it's a bit ridiculous that I'm asking
this question so late in my project.

Part of my executable, written by me, needs to do all kinds of hairy,
scarey stuff with my native operating system, an external website
(Wikipedia, actually), but another part of my executable is a main
program written by a user, which I link together with my framework
(which I call Iron Chicken).

This is neat because it means the Wiki contents can easily be queried
in Scheme.  A typical scenario on a large wiki like English Wikipedia
(getting on for two million articles) is that the user will write a
program on a new page in his private page space (his userspace, to use
the Wikipedia jargon).  and a bot will detect this page, compile it as
a Scheme program and execute it.  The output is fed out to a wiki page
so that it becomes part of the collaborative wiki process.

The problem is that I obviously don't want random people walking up
and writing a script that will be able, for instance, to send spam
emails.   And I don't want them to be able to open a file for writing
on my local system (at least for now, until I work out how to run the
Chicken program in a chroot jail.)

My current approach is to compile the user script with an included
preamble which redefines important stuff.  For instance:

(define-macro (dummy name)
  `(define ,name (lambda x (force (delay (begin (display (format "~a
is not available~%" ',name)) #f))))))

(dummy open-input-file)
(dummy call-with-output-file)

And so on.

It seems to me that I need to do this otherwise just about everything
in the namespace will be available at runtime, co-optable for bad
stuff.

Or am I just being a silly sausage?  Is there a better way of doing this?