Matthew Keeter <address@hidden> writes:
> I’m currently embedding Python in a C / C++ application that evaluates
> user-provided scripts. Obviously, this is terribly unsafe: user-provided
> scripts can execute arbitrary malicious actions, and there’s no good way
> to sandbox Python in a desktop context.
>
> If I were to replace Python with Guile, is there a way to sandbox it so
> that arbitrary (perhaps malicious) user-provided scripts can be run
> safely?
So you need to implement a language that won't provide any unwanted
OS/platform API and that won't provide any way to generate code accessing
any unwanted feature, and that still allows users to write useful
programs, while making no mistake; and since it will run on an unsafe
platform, how will you ensure that a program written in your language
will never be able to have any nefarious side effects?
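The requirements listed in the reply above (no OS or platform API reachable from user code, no way to build code that reaches one, still a usable language) are what Guile's own `(ice-9 sandbox)` module tries to provide. The following is an added example, not code from either message in this thread; it assumes Guile 2.2.1 or later, where that module ships, and the wrapper name `run-user-script` and the script strings are my own constructed inputs.

```scheme
;; Added example (not from the original thread). Assumes Guile >= 2.2.1,
;; which provides (ice-9 sandbox): eval-in-sandbox, make-sandbox-module
;; and the binding allowlists such as all-pure-bindings.
(use-modules (ice-9 sandbox))

;; Evaluate one user-supplied form inside a sandbox module that exposes only
;; the "pure" bindings (arithmetic, lists, strings, ...). Nothing from
;; (guile) that touches the OS (open-file, system, getenv, eval, ...) is
;; bound, so a script cannot name it, and the module is severed afterwards
;; so a closure that escapes cannot reach the module later to look things
;; up. The CPU-time and allocation limits cap runaway scripts.
(define (run-user-script source)
  (let ((form (call-with-input-string source read)))   ; reads the first datum only
    (catch #t
      (lambda ()
        (eval-in-sandbox form
                         ;; a fresh module per evaluation, as the module
                         ;; documentation recommends
                         #:module (make-sandbox-module all-pure-bindings)
                         #:sever-module? #t
                         #:time-limit 0.5                  ; seconds of CPU
                         #:allocation-limit (* 10 1024 1024))) ; bytes
      ;; Any error (unbound OS procedure, limit exceeded, script bug)
      ;; is turned into a value the host can inspect instead of a crash.
      (lambda (key . args)
        (list 'rejected key args)))))

;; Constructed sample scripts:
;; a harmless computation that should succeed,
(run-user-script
 "(let loop ((i 0) (acc 0)) (if (> i 100) acc (loop (+ i 1) (+ acc i))))")
;; a script that tries to read a file (the procedure is simply not bound
;; in a pure-bindings sandbox),
(run-user-script "(open-input-file \"/etc/passwd\")")
;; and a script that never terminates (stopped by the time limit).
(run-user-script "(let loop () (loop))")
```

This addresses the first three requirements in the reply by allowlisting bindings rather than blocklisting dangerous ones, which is the only direction in which "no mistake" is achievable. It does not answer the last one: the limits and the allowlist are enforced by the same Guile runtime inside the same process, so a bug in the host, in Guile itself, or in any native extension the host loads is outside what this sandbox can protect against.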