From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Marius Vollmer Newsgroups: gmane.lisp.guile.user Subject: Re: Refactoring dynamic roots Date: Sat, 29 Jan 2005 01:17:52 +0100 Message-ID: <87vf9hjdfz.fsf@zagadka.de> References: <87acqtfeod.fsf@zip.com.au> NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1106958239 25896 80.91.229.6 (29 Jan 2005 00:23:59 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sat, 29 Jan 2005 00:23:59 +0000 (UTC) Cc: guile-user@gnu.org Original-X-From: guile-user-bounces+guile-user=m.gmane.org@gnu.org Sat Jan 29 01:23:54 2005 Return-path: Original-Received: from lists.gnu.org ([199.232.76.165]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1CugP4-0003mq-00 for ; Sat, 29 Jan 2005 01:23:54 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1CugY2-0002mo-T3 for guile-user@m.gmane.org; Fri, 28 Jan 2005 19:33:10 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1CugXe-0002k2-VY for guile-user@gnu.org; Fri, 28 Jan 2005 19:32:49 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1CugXa-0002h9-Kx for guile-user@gnu.org; Fri, 28 Jan 2005 19:32:43 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1CugXa-0002gz-G2 for guile-user@gnu.org; Fri, 28 Jan 2005 19:32:42 -0500 Original-Received: from [195.253.8.218] (helo=mail.dokom.net) by monty-python.gnu.org with esmtp (Exim 4.34) id 1CugJP-0001u8-BF for guile-user@gnu.org; Fri, 28 Jan 2005 19:18:03 -0500 Original-Received: from [195.138.42.53] (helo=zagadka.ping.de) by mail.dokom.net with smtp (Exim 4.34) id 1CugJO-0006nq-A0 for guile-user@gnu.org; Sat, 29 Jan 2005 01:18:02 +0100 Original-Received: (qmail 27196 invoked by uid 1000); 29 Jan 2005 00:17:57 -0000 Original-To: Kevin Ryde In-Reply-To: <87acqtfeod.fsf@zip.com.au> (Kevin Ryde's message of "Sat, 29 Jan 2005 08:04:50 +1100") User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/21.3.50 (gnu/linux) X-BeenThere: guile-user@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: General Guile related discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: guile-user-bounces+guile-user=m.gmane.org@gnu.org Errors-To: guile-user-bounces+guile-user=m.gmane.org@gnu.org Xref: main.gmane.org gmane.lisp.guile.user:4182 X-Report-Spam: http://spam.gmane.org/gmane.lisp.guile.user:4182 Kevin Ryde writes: > Marius Vollmer writes: >> >> The other thing that dynamic roots do is to isolate changes to the >> dynamic state. For example, calls to set-current-output-port or >> fluid-set! have no effects outside of a dynamic root. This might be >> useful when running arbitrary code since the caller can protect itself >> from unexpected changes to the dynamic state. (This is not _that_ >> useful for sandboxing code since the code can of course change the >> global state of Guile arbitrarily unless other measures are taken.) > > I'm unsure about this bit. If you trust the code enough not to mangle > global variables, can't you trust it enough not to mangle fluids too? Hmm, it is probably not so much about trust, but about being nice to the code that you run: you want to give it its own dynamic state because that is very useful. Of course you have to trust the code that you run. If you do not trust it but want to run it anyway, my answer would be to isolate the whole guile process with the means provided by the OS, such as chrooting it, running it as nobody, etc. -- GPG: D5D4E405 - 2F9B BCCC 8527 692A 04E3 331E FAF8 226A D5D4 E405 _______________________________________________ Guile-user mailing list Guile-user@gnu.org http://lists.gnu.org/mailman/listinfo/guile-user