From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Mike Gran <spk121@yahoo.com>
Newsgroups: gmane.lisp.guile.devel
Subject: Re: RFC: (ice-9 sandbox)
Date: Fri, 31 Mar 2017 14:41:14 +0000 (UTC)
Message-ID: <394855873.1175597.1490971274369@mail.yahoo.com>
References: <87r31daj8n.fsf@pobox.com>
Reply-To: Mike Gran <spk121@yahoo.com>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Trace: blaine.gmane.org 1490971302 22748 195.159.176.226 (31 Mar 2017 14:41:42 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Fri, 31 Mar 2017 14:41:42 +0000 (UTC)
To: Andy Wingo <wingo@pobox.com>, "guile-devel@gnu.org" <guile-devel@gnu.org>
Original-X-From: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Fri Mar 31 16:41:37 2017
Return-path: <guile-devel-bounces+guile-devel=m.gmane.org@gnu.org>
Envelope-to: guile-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <guile-devel-bounces+guile-devel=m.gmane.org@gnu.org>)
	id 1ctxjy-0004gD-Us
	for guile-devel@m.gmane.org; Fri, 31 Mar 2017 16:41:27 +0200
Original-Received: from localhost ([::1]:41392 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <guile-devel-bounces+guile-devel=m.gmane.org@gnu.org>)
	id 1ctxk3-0008DX-57
	for guile-devel@m.gmane.org; Fri, 31 Mar 2017 10:41:31 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36766)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <spk121@yahoo.com>) id 1ctxjy-0008DS-9y
	for guile-devel@gnu.org; Fri, 31 Mar 2017 10:41:27 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <spk121@yahoo.com>) id 1ctxju-0001hE-54
	for guile-devel@gnu.org; Fri, 31 Mar 2017 10:41:26 -0400
Original-Received: from nm22-vm0.bullet.mail.ne1.yahoo.com ([98.138.91.60]:53091)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.71)
	(envelope-from <spk121@yahoo.com>) id 1ctxjt-0001gX-VV
	for guile-devel@gnu.org; Fri, 31 Mar 2017 10:41:22 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
	t=1490971279; bh=rsVi4F469PBBrcup3QnbKiqTjoaD4BVFHELvEdn9mfs=;
	h=Date:From:Reply-To:To:In-Reply-To:References:Subject:From:Subject;
	b=h96rAZas3KPXIgylG++dEkwdMp/Pm3PLOjkHZn6Gn7DzsEpbHfS30N82grBS1JkiYxqPGX/n6ByrwyBEVGaJOvi854m+gMiLXqdwZQMivya+KAGwOGAzvxYv/3iLfPgXB6yxejAZJnlMlLt0nxPsvsiXcIH/Mx+e8xX0mjgngxwa8UWziXx7tZw/Ypf67pHvZsRhhiMASlI9a7RfUIMLlSDz5l2/hD1bPtOTbeoBn97sTpBsFr1/HkjetO/EajRGjCTLJ+y8P6WtPgXJiEmX/CcfJ7nPeNt+ukvE1U60ycz5t7MmlbogTnhDwtYIMHQEg6O0d3lrYDxCPNXD49MD8A==
Original-Received: from [98.138.226.179] by nm22.bullet.mail.ne1.yahoo.com with NNFMP;
	31 Mar 2017 14:41:19 -0000
Original-Received: from [98.138.89.165] by tm14.bullet.mail.ne1.yahoo.com with NNFMP;
	31 Mar 2017 14:41:19 -0000
Original-Received: from [127.0.0.1] by omp1021.mail.ne1.yahoo.com with NNFMP;
	31 Mar 2017 14:41:19 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 377616.52009.bm@omp1021.mail.ne1.yahoo.com
X-YMail-OSG: Rv2buHEVM1mv9N40ZlAKBScGm9ILcUz0pXMEp5xPSgwkDeXAC3ihO3a1.gUFZ_P
	IZlJ_RAyVrRyc2wISRZ3GY1TCiEo.RvoNStjPxA56_lQljg2XG4uo2f8EDCcY.Dy_Gkl3lHgFm.u
	FqHUJ3Ql19rGDvdC.K_78Shbz40tIUyCdTswcCN4xYD5MIKrHUzIZy1li32dlKKhkjxjn3dD3Wme
	Eek21htw0CVCV7bVruXRHQq92Gt1rlW5xsIEPlSaN5GDbGbKkTql_PyltQWrZxC.AUX0rqqY_xee
	u3JNU1qDydaeDJmLRbsAwvLgFPnAzw2lywl7uPCAWDxGhzoR22dItTvh.vvOzzCU_JYXrNHt4TAJ
	Yf4wvRySuHlRq22.OTKQt4hqtN.ZKfDaj8VyyCJ23Uec9Bkaq6MH9eJPYcrx2oW8OTmHqps3IwQr
	Jw4NxkHpVfH8n8UTXCiM5ThVAorZSK4CcSZnwshTMAiQfv6qAZ6FURCLW1LbzbQnCfcVdNPSLUgD
	oy_z.9dA1ETOJoEX2iQ2e84aaBx7pPtrVE05II0HvKUUAdj2Vzse4saKkAgV13g--
Original-Received: from jws200190.mail.ne1.yahoo.com by
	sendmailws129.mail.ne1.yahoo.com;
	Fri, 31 Mar 2017 14:41:19 +0000; 1490971279.025
In-Reply-To: <87r31daj8n.fsf@pobox.com>
X-Mailer: WebService/1.1.9272 YahooMailNeo Mozilla/5.0 (Windows NT 10.0; Win64;
	x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79
	Safari/537.36 Edge/14.14393
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy]
X-Received-From: 98.138.91.60
X-BeenThere: guile-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Developers list for Guile,
	the GNU extensibility library" <guile-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guile-devel>,
	<mailto:guile-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guile-devel/>
List-Post: <mailto:guile-devel@gnu.org>
List-Help: <mailto:guile-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guile-devel>,
	<mailto:guile-devel-request@gnu.org?subject=subscribe>
Errors-To: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org
Original-Sender: "guile-devel" <guile-devel-bounces+guile-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.lisp.guile.devel:19078
Archived-At: <http://permalink.gmane.org/gmane.lisp.guile.devel/19078>




?> On Friday, March 31, 2017 2:28 AM, Andy Wingo <wingo@pobox.com> wrote:


> Any thoughts?  I would like something like this for a web service that

> has to evaluate untrusted code.
Neat!  Here are some random, tangential ideas.
While this might be a good route toward a pragmatic definition of
"safe," a route to a stronger version of safety might be trying
to compile a Guile against the CloudABI C library -- which prevents
OS interaction altogether --  and then use something like inetd to
to communicate with your safe guile.
As a middle ground, there are the --disable-posix,
--disable-networking, and --disable-regex options, to consider.
-Mike Gran