From: ludo@gnu.org (Ludovic Courtès)
Newsgroups: gmane.lisp.guile.devel
Subject: Re: Psyntax security hole prevents secure sandboxing in Guile
Date: Mon, 07 May 2012 18:31:55 +0200
Message-ID: <87ipg8uf44.fsf@gnu.org>
References: <87havtp42i.fsf@netris.org>
To: guile-devel@gnu.org

Hi Mark!

Mark H Weaver wrote:

> Every once in a while someone asks about secure sandboxing with Guile,
> and generally the response is that it should be fairly easy, by creating
> a module with carefully selected bindings, but there's nothing ready
> "out of the box".
>
> I just realized that psyntax has a security hole that prevents secure
> sandboxing, and wanted to post this fact before it was forgotten.

There are many other holes, such as the fact that ‘@@’ is compiled to the
‘toplevel-ref’ instruction, which can search inside modules.

> The problem is that psyntax accepts syntax-objects in the input, and
> syntax-objects are simply vectors (or sexps containing vectors).

I agree it would be nice to fix eventually, using structs, but it takes
more than this to allow for “secure sandboxing”.

Thanks,
Ludo’.
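An added example, not code from the thread or from Guile itself: a pre-expansion filter for the "restricted module" style of sandbox discussed above. It rejects the two holes named in this exchange, vectors in the input (which psyntax would treat as syntax objects) and uses of ‘@’/‘@@’ (which compile to module-searching instructions), before the datum reaches `eval`. The names `check-sandbox-input` and `sandbox-eval-string` are hypothetical, and the caller is assumed to supply its own restricted module; as Ludo notes, this covers only these two holes and is not sufficient on its own.

```scheme
;; Constructed example (not from the guile-devel thread).
;; Walk a datum produced by `read' and refuse anything psyntax could
;; misinterpret as a syntax object: vectors, at any depth.
(define (datum-contains-vector? x)
  (cond ((vector? x) #t)
        ((pair? x) (or (datum-contains-vector? (car x))
                       (datum-contains-vector? (cdr x))))
        (else #f)))

;; Refuse any form headed by @ or @@, since those compile to
;; toplevel-ref-style instructions that can reach into other modules.
;; Deliberately conservative: quoted occurrences are rejected as well.
(define (uses-module-ref? x)
  (and (pair? x)
       (or (memq (car x) '(@ @@))
           (uses-module-ref? (car x))
           (uses-module-ref? (cdr x)))))

;; Return DATUM unchanged if it passes both checks, else raise an error.
(define (check-sandbox-input datum)
  (cond ((datum-contains-vector? datum)
         (error "sandbox: input contains a vector (would be read as a syntax object)"
                datum))
        ((uses-module-ref? datum)
         (error "sandbox: input uses @ or @@" datum))
        (else datum)))

;; Read one datum from STR, validate it, and evaluate it in MODULE.
;; MODULE is assumed to be the caller's restricted module (the "module
;; with carefully selected bindings" from the thread).
(define (sandbox-eval-string str module)
  (let ((datum (call-with-input-string str read)))
    (eval (check-sandbox-input datum) module)))

;; Usage sketch (constructed inputs); the last two calls raise errors:
;;   (sandbox-eval-string "(+ 1 2)" module)
;;   (sandbox-eval-string "(list 1 #(2 3))" module)
;;   (sandbox-eval-string "(@@ (guile) open-file)" module)
```

The vector check also rejects legitimate quoted vector literals in data; that false-positive rate is the price of filtering at the datum level rather than inside psyntax.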