From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: David Allouche Newsgroups: gmane.lisp.guile.user Subject: Re: Secure evaluation Date: Tue, 15 Jul 2003 10:01:05 +0200 Sender: guile-user-bounces+guile-user=m.gmane.org@gnu.org Message-ID: <20030715080105.GA20842@ws24047.math.univ-rennes1.fr> References: <20030714153420.GC29847@nemesis.xlii.org> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: main.gmane.org 1058256442 22371 80.91.224.249 (15 Jul 2003 08:07:22 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Tue, 15 Jul 2003 08:07:22 +0000 (UTC) Original-X-From: guile-user-bounces+guile-user=m.gmane.org@gnu.org Tue Jul 15 10:07:21 2003 Return-path: Original-Received: from monty-python.gnu.org ([199.232.76.173]) by main.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 19cKqG-0005of-00 for ; Tue, 15 Jul 2003 10:07:20 +0200 Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.20) id 19cKoo-0005L5-VI for guile-user@m.gmane.org; Tue, 15 Jul 2003 04:05:50 -0400 Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.20) id 19cKnq-0004kr-Rp for guile-user@gnu.org; Tue, 15 Jul 2003 04:04:50 -0400 Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.20) id 19cKlQ-0002CA-A0 for guile-user@gnu.org; Tue, 15 Jul 2003 04:02:21 -0400 Original-Received: from mailimailo.univ-rennes1.fr ([129.20.131.1]) by monty-python.gnu.org with esmtp (Exim 4.20) id 19cKkJ-0001wg-Hw for guile-user@gnu.org; Tue, 15 Jul 2003 04:01:11 -0400 Original-Received: from localhost (localhost [127.0.0.1]) by mailimailo.univ-rennes1.fr (Postfix) with ESMTP id B03EA1BFA for ; Tue, 15 Jul 2003 08:01:08 +0000 (MET) Original-Received: from ws24047.math.univ-rennes1.fr (ws24047.math.univ-rennes1.fr [129.20.24.47]) by mailimailo.univ-rennes1.fr (Postfix) with ESMTP id 43EB21C06 for ; Tue, 15 Jul 2003 10:01:06 +0200 (MEST) Original-Received: from david by ws24047.math.univ-rennes1.fr with local (Exim 3.36 #1 (Debian)) id 19cKkE-0005WP-00 for ; Tue, 15 Jul 2003 10:01:06 +0200 Original-To: guile-user@gnu.org Mail-Followup-To: guile-user@gnu.org Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.4i X-Virus-Scanned: by amavisd 0.1 X-BeenThere: guile-user@gnu.org X-Mailman-Version: 2.1.2 Precedence: list List-Id: General Guile related discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-user-bounces+guile-user=m.gmane.org@gnu.org Xref: main.gmane.org gmane.lisp.guile.user:2084 X-Report-Spam: http://spam.gmane.org/gmane.lisp.guile.user:2084 On Mon, Jul 14, 2003 at 11:43:46AM -0400, Paul Jarc wrote: > David Allouche wrote: > > But maybe I am misunderstanding how SET! interacts with modules (I > > have not tested) and maybe it is not possible to modify another module > > by SET!ing an imported binding. > > It is not possible with set!, but it is possible with module-set!. > Compound objects can also be modified with set-cdr!, etc., regardless > of which module the object comes from. So untrusted code must not be allowed to use code which has global and publicly modifiable state (yuck!). And probably even indirectly modifiable state, too. So maybe all state should be completely private. Besides, it's probably a better design almost every time. PS [OT]: I just figured out that you can use file reading from untrusted code to effect trusted code, in the case where the file being read actually is a pipe. Thus, pipes must be open with exclusive access (hoping I am not saying something stupid). -- -- ddaa _______________________________________________ Guile-user mailing list Guile-user@gnu.org http://mail.gnu.org/mailman/listinfo/guile-user