guile-devel

Re: RFC: (ice-9 sandbox)


From: Andy Wingo
Subject: Re: RFC: (ice-9 sandbox)
Date: Sun, 02 Apr 2017 12:18:32 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

On Fri 31 Mar 2017 23:41, address@hidden (Ludovic Courtès) writes:

> Andy Wingo <address@hidden> writes:
>
>> On Fri 31 Mar 2017 13:33, address@hidden (Ludovic Courtès) writes:
>
> [...]
>
>>>> ;; These can only form part of a safe binding set if no mutable
>>>> ;; pair is exposed to the sandbox.
>>>> (define *mutating-pair-bindings*
>>>>   '(((guile)
>>>>      set-car!
>>>>      set-cdr!)))
>>>
>>> When used on a literal pair (mapped read-only), these can cause a
>>> segfault.  Now since the code is ‘eval’d, the only literal pairs it can
>>> see are those passed by the caller I suppose, so this may be safe?
>>
>> Who knows.  I mean vector-set! can also cause segfaults.  I think we
>> should fix that situation to throw an exception.
>
> Yes, that would be nice, though I suppose it’s currently tricky to
> achieve no?  Maybe that newfangled ‘userfaultfd’ will save us all.

Maybe :)  I mean it's possible now to catch SIGSEGV.  I just sent a
patch to guile-devel; wdyt?  Needs docs & tests of course.

>>>> (define *all-pure-and-impure-bindings*
>>>>   (append *all-pure-bindings*
>>>
>>> Last but not least: why all the stars?  :-)
>>> I’m used to ‘%something’.
>>
>> For me I read % as being pronounced "sys" and indicating internal
>> bindings.  Why do you use it for globals?  Is it your proposal that we
>> use it for globals?
>
> I tend to do that but I realize I must be a minority here.  Let it be
> stars then.  :-)

I think that like you, I learned Scheme conventions in an ad-hoc way,
aping conventions from many sources (Guile's own code, Common Lisp,
random Scheme).  I would be happy if we could be a bit more purposeful
about our conventions and I would be happy to change mine :)  %
can work fine :)

Andy
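
The condition quoted above for the mutating pair bindings (safe only if no mutable pair is exposed to the sandbox), shown with core Guile module procedures. This is an added example, not code from this message or from (ice-9 sandbox); `sandbox-with`, `run-in`, `host-config` and `config` are hypothetical names, and the evaluated expressions avoid macros because the bare modules here bind none.

```scheme
;; Added example: hand-built binding sets, not the (ice-9 sandbox) API.
(define (sandbox-with names)
  ;; Fresh module holding only the listed procedures from (guile).
  (let ((m (make-module))
        (guile (resolve-interface '(guile))))
    (for-each (lambda (name)
                (module-define! m name (module-ref guile name)))
              names)
    m))

(define (run-in module exp)
  ;; Evaluate EXP in MODULE; return (error KEY) instead of propagating.
  (catch #t
    (lambda () (eval exp module))
    (lambda (key . args) (list 'error key))))

;; Constructed host state: a mutable list allocated at run time.
(define host-config (list 'read-only-mode #t))

;; Case 1: accessors only.  The host pair is exposed, but the sandbox
;; has no binding that can change it.
(define accessors-only (sandbox-with '(car cdr)))
(module-define! accessors-only 'config host-config)
(display (run-in accessors-only '(set-car! (cdr config) #f)))
(newline)
(display host-config) (newline)

;; Case 2: mutators bound, no host pair exposed.  The sandbox can only
;; mutate pairs it allocates itself.
(define mutators-isolated (sandbox-with '(car cdr cons set-car! set-cdr!)))
(display (run-in mutators-isolated '(car (cons 1 2))))
(newline)
(run-in mutators-isolated '(set-car! (cons 1 2) 3))
(display host-config) (newline)

;; Case 3: mutators bound and the host pair exposed.  The binding set
;; is no longer safe: sandboxed code rewrites state the host relies on.
(define mutators-exposed (sandbox-with '(car cdr set-car! set-cdr!)))
(module-define! mutators-exposed 'config host-config)
(run-in mutators-exposed '(set-car! (cdr config) #f))
(display host-config) (newline)
```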


