Re: [guile-user] Sandboxing?

From: Martin Grabmueller
Subject: Re: [guile-user] Sandboxing?
Date: Tue, 13 Mar 2001 08:27:06 +0100

> From: "Bobby D. Bryant" <address@hidden>
> Date: Mon, 12 Mar 2001 20:22:48 +0600
> I realize that there's probably no protection against things such as a
> recursive procedure that builds up a list until memory is exhausted and
> the application crashes, but I would at least like to protect against
> the most obvious dangers, such as modifying or deleting files in your
> directory tree, changing your password, sending out e-mail in your name,
> etc.

Additionally to Mikael's suggestion (safe environments):

Guile contains stack checking code, so that recursive procedures won't
occupy all memory.  Consider the following:

guile> (define (rec) (rec) 1)
guile> (rec)
ERROR: Stack overflow
ABORT: (stack-overflow)

The remaining problem I see is the construction of large data
structures, until virtual memory is exhausted.  Maybe we should
provide the functionality to set an upper limit on Guile's memory
usage, and trap if it's exceeded.  I think that should not be too
expensive, since we already check if malloc() and friends return NULL.

And then, of course, could a user just enter

((lambda (x) (x x)) (lambda (x) (x x)))

and your application hangs until a signal arrives...
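
As an added illustration (not part of the original mail or of Guile's own code), here is how a host application could run untrusted code with the two defences the mail discusses, Guile's stack check and a wall-clock limit for the hanging loop; it assumes Guile's `sigaction`, `alarm` and `catch` procedures and that stack overflow is thrown with the key `stack-overflow` as the session above shows. The memory limit the mail wishes for is not covered, since the mail says Guile has no such facility.

```scheme
;; Added example, not from the original mail or from Guile itself.
;; Assumed: sigaction/alarm/catch behave as documented, and a stack
;; overflow is thrown with the key 'stack-overflow (see the session above).

(define (run-with-limits thunk seconds)
  "Run THUNK with a wall-clock limit of SECONDS.
Returns (ok . value), (timeout) or (key . args) for other errors."
  (catch #t
    (lambda ()
      ;; Install a SIGALRM handler that unwinds to the catch below.
      ;; Guile runs Scheme signal handlers as asyncs at safe points,
      ;; so the throw lands here even from a tail-calling loop.
      (sigaction SIGALRM (lambda (sig) (throw 'timeout)))
      (alarm seconds)
      (let ((result (thunk)))
        (alarm 0)                       ; cancel the pending alarm
        (cons 'ok result)))
    (lambda (key . args)
      (alarm 0)                         ; cancel it on the error path too
      (cons key args))))

;; The mail's non-tail recursion: trapped by Guile's stack check,
;; so the result starts with the key stack-overflow.
(display (run-with-limits (lambda () (define (rec) (rec) 1) (rec)) 5))
(newline)

;; The tail-calling loop from the mail: stopped by the timeout
;; instead of hanging the host application until a signal arrives.
(display (run-with-limits
          (lambda () ((lambda (x) (x x)) (lambda (x) (x x))))
          2))
(newline)

;; Well-behaved code returns normally: (ok . 3)
(display (run-with-limits (lambda () (+ 1 2)) 5))
(newline)
```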
