From: Amirouche Boubekki
To: Matt Wette
Cc: guile-user@gnu.org
Newsgroups: gmane.lisp.guile.user
Subject: Re: Is there any security risk related to the use of the reader?
Date: Sun, 25 Feb 2018 18:38:29 +0100
Message-ID: <70e7803bc07ddc477b64a405d717f6ac@hypermove.net>
In-Reply-To: <2fea5947-a129-493c-180c-18b6b89385da@gmail.com>
References: <3798469bc8c299451807dfdc796146d7@hypermove.net> <2fea5947-a129-493c-180c-18b6b89385da@gmail.com>

On 2018-02-25 18:29, Matt Wette wrote:
> On 02/25/2018 07:35 AM, Amirouche Boubekki wrote:
>> I have procedures like that in my program:
>>
>> (define-public (scm->string scm)
>>   (call-with-output-string
>>     (lambda (port)
>>       (write scm port))))
>>
>> (define-public (string->scm string)
>>   (call-with-input-string string read))
>>
>> Is it safe to pass to these procedures input from third parties?
>>
>> TIA!
>>
>
> maybe check (ice-9 sandbox), explained in section 6.18.12 of the 2.2.3
> manual

I don't know what the performance implications are of serializing / deserializing in a sandbox. This would slow down every write / read.

The alternative I am thinking about is to use msgpack, but I will lose direct representation of bignum; maybe it's a good enough strategy. People that need precision maybe use hdf5 string representation.
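
A stricter variant of the `string->scm` procedure quoted above, as an added example that is not part of the original message or of Guile itself: it caps the input length, requires exactly one datum, and accepts only an allowlist of data types (bignums included) before the value reaches the rest of the program. The names `safe-string->scm` and `plain-datum?`, both limits and the sample inputs are assumptions.

```scheme
;; Added example (not from the original message). Names and limits are assumptions.
(define max-input-length 65536)  ; assumed cap on input size, in characters
(define max-depth 64)            ; assumed cap on nesting depth

;; #t only for data built from allowlisted types: numbers (bignums included),
;; strings, symbols, booleans, the empty list, pairs and vectors.
(define (plain-datum? x depth)
  (cond
   ((> depth max-depth) #f)
   ((or (null? x) (boolean? x) (number? x) (string? x) (symbol? x)) #t)
   ((pair? x)
    (and (plain-datum? (car x) (+ depth 1))
         (plain-datum? (cdr x) depth)))
   ((vector? x)
    (let loop ((i 0))
      (or (= i (vector-length x))
          (and (plain-datum? (vector-ref x i) (+ depth 1))
               (loop (+ i 1))))))
   (else #f)))

;; Read exactly one datum from STR and return it only if it passes the checks.
;; Every rejection is signalled with `error`, so callers handle one failure path.
(define (safe-string->scm str)
  (if (> (string-length str) max-input-length)
      (error "input too long")
      (catch 'read-error
        (lambda ()
          (call-with-input-string str
            (lambda (port)
              (let* ((datum (read port))
                     (rest (read port)))
                (cond
                 ((eof-object? datum) (error "empty input"))
                 ((not (eof-object? rest)) (error "more than one datum"))
                 ((not (plain-datum? datum 0)) (error "disallowed type"))
                 (else datum))))))
        (lambda (key . args)
          (error "malformed input")))))

;; Constructed sample inputs: a plain list with a bignum, two data in one
;; string, a keyword (not on the allowlist), and an unterminated list.
(for-each
 (lambda (s)
   (format #t "~s => ~s~%" s (false-if-exception (safe-string->scm s))))
 '("(1 \"a\" 123456789012345678901234567890)" "(1 2) (3 4)" "#:key" "(1 2"))
```

These checks constrain what the reader's result may contain; they are separate from running code in `(ice-9 sandbox)`, which the reply above suggests.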