From: Amirouche Boubekki <amirouche@hypermove.net>
To: "Pascal J. Bourguignon" <pjb@informatimago.com>
Cc: guile-user@gnu.org, guile-user-bounces+amirouche=hypermove.net@gnu.org
Subject: Re: Embedding Guile with sandboxing
Date: Tue, 24 Nov 2015 17:35:18 +0100 [thread overview]
Message-ID: <48ac5fec1936e07f1ff896699e78cf85@hypermove.net> (raw)
In-Reply-To: <87vb8vvxqd.fsf@kuiper.lan.informatimago.com>
Le 2015-11-21 22:39, Pascal J. Bourguignon a écrit :
> Matthew Keeter <matt.j.keeter@gmail.com> writes:
>
>> I’m currently embedding Python in a C / C++ application that evaluates
>> user-provided scripts.
>>
>> Obviously, this is terribly unsafe: user-provided scripts can execute
>> arbitrary malicious actions,
>> and there’s no good way to sandbox Python in a desktop context.
>>
>> If I were to replace Python with Guile, is there a way to sandbox it
>> so that arbitrary (perhaps
>> malicious) user-provided scripts can be run safely?
>
> So you need to implement a language that won't provide any unwanted
> OS/platform API and that won't provide any way to generate code
> accessing
> to any unwanted feature, and that still allows user to write useful
> programs, while making no mistake; and since it will run on an unsafe
> platform, how will you ensure that a program written in your language
> will never be able to have any nefarious side effects?
If you want to go that route I recommend you have look at GNU epsilon
[1][2]
which is basically a framework for building languages. It's still alpha.
HTH
[1] https://www.gnu.org/software/epsilon/
[2] http://lists.gnu.org/archive/html/epsilon-devel/
next prev parent reply other threads:[~2015-11-24 16:35 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-21 18:35 Embedding Guile with sandboxing Matthew Keeter
2015-11-21 21:39 ` Pascal J. Bourguignon
2015-11-24 16:35 ` Amirouche Boubekki [this message]
2015-11-21 21:40 ` Thompson, David
2015-11-22 10:06 ` Arne Babenhauserheide
2015-11-25 11:07 ` tomas
2015-11-22 15:51 ` Christopher Allan Webber
2015-11-23 0:50 ` Roberto Baleno
2015-11-23 14:55 ` Matthew Keeter
2015-11-25 14:36 ` Christopher Allan Webber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/guile/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48ac5fec1936e07f1ff896699e78cf85@hypermove.net \
--to=amirouche@hypermove.net \
--cc=guile-user-bounces+amirouche=hypermove.net@gnu.org \
--cc=guile-user@gnu.org \
--cc=pjb@informatimago.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).