* Evaluation with function whitelist @ 2023-07-15 3:03 Ryan Raymond 2023-07-15 5:45 ` Mike Gran 0 siblings, 1 reply; 8+ messages in thread From: Ryan Raymond @ 2023-07-15 3:03 UTC (permalink / raw) To: guile-user Hello, all. I've been on this for almost a month now. I'm working on a project for my work, where we need a console to control automation. I wanted to use an existing language instead of developing one, and I thought Guile would be a good choice. Basically, I want the user to be able to open a repl shell, but by default it should have *no* bindings except the ones I whitelisted. For example, (getcwd) should fail, even (if #t #t #f) should say that "if" isn't defined. Then I can add in only the procedures I want (plus a couple automation commands). Does anyone know how to do this? I'm at my wit's end. I was thinking I could get a list of all the language bindings and un-bind them in one fell swoop, but I haven't found a way to do that. Thanks, Ryan ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Evaluation with function whitelist 2023-07-15 3:03 Evaluation with function whitelist Ryan Raymond @ 2023-07-15 5:45 ` Mike Gran 2023-07-15 10:40 ` Dr. Arne Babenhauserheide 0 siblings, 1 reply; 8+ messages in thread From: Mike Gran @ 2023-07-15 5:45 UTC (permalink / raw) To: guile-user@gnu.org, Ryan Raymond >Hello, all. >I've been on this for almost a month now. I'm working on a project for my >work, where we need a console to control automation. I wanted to use an >existing language instead of developing one, and I thought Guile would be a >good choice. Basically, I want the user to be able to open a repl shell, >but by default it should have *no* bindings except the ones I whitelisted. >For example, (getcwd) should fail, even (if #t #t #f) should say that "if" >isn't defined. Then I can add in only the procedures I want (plus a couple >automation commands). Does anyone know how to do this? I'm at my wit's end. >I was thinking I could get a list of all the language bindings and un-bind >them in one fell swoop, but I haven't found a way to do that. Hello Ryan, Define a module in a file with the "#:pure" option so that it starts off empty. Import what you need. Look at ice-9/safe-r5rs.scm for an example. Probably in /usr/share/guile/3.0/ice-9/safe-r5rs.scm Let's say your new module was (ryan stuff) and it could only do display and eqv? (define-module (ryan stuff) #:pure #:use-module ((guile) #:select (display eqv?) #:re-export (display eqv?)) To resolve the module (define m (resolve '(ryan stuff))) To eval in module (eval <expression> m) To make primitive repl (define (main) (let ((m (resolve-module '(ryan stuff)))) (display "> ") (let loop ((expr (read))) (write (false-if-exception (eval expr m))) (newline) (display "> ") (loop (read))))) (main) But fix primitive repl with better error handling than 'false-if-exception'. And add your own meta-commands. Using the real repl is probably a no-go, since it has meta-commands like ",m" that would let the user ignore your whitelist. I didn't really test this, but it should be mostly correct. Regards, Mike Gran ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Evaluation with function whitelist 2023-07-15 5:45 ` Mike Gran @ 2023-07-15 10:40 ` Dr. Arne Babenhauserheide 2023-07-15 14:09 ` Thompson, David 0 siblings, 1 reply; 8+ messages in thread From: Dr. Arne Babenhauserheide @ 2023-07-15 10:40 UTC (permalink / raw) To: Mike Gran; +Cc: Ryan Raymond, guile-user [-- Attachment #1: Type: text/plain, Size: 973 bytes --] Hi Mike, Mike Gran <spk121@yahoo.com> writes: >>good choice. Basically, I want the user to be able to open a repl shell, >>but by default it should have *no* bindings except the ones I whitelisted. > Define a module in a file with the "#:pure" option so that it starts off empty. … > Using the real repl is probably a no-go, since it has meta-commands > like ",m" that would let the user ignore your whitelist. > > I didn't really test this, but it should be mostly correct. Sandboxed Evaluation may also be interesting for this: https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html (to prevent users from blocking the process) If you want a long term view for the most powerful approach that preserves allow-listing, see Spritely Goblins: https://spritely.institute/files/docs/guile-goblins/latest/A-simple-greeter.html Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Evaluation with function whitelist 2023-07-15 10:40 ` Dr. Arne Babenhauserheide @ 2023-07-15 14:09 ` Thompson, David 2023-07-15 20:05 ` Ryan Raymond 0 siblings, 1 reply; 8+ messages in thread From: Thompson, David @ 2023-07-15 14:09 UTC (permalink / raw) To: Dr. Arne Babenhauserheide; +Cc: Mike Gran, Ryan Raymond, Guile User Hey Ryan, Mike, Arne, On Sat, Jul 15, 2023 at 6:48 AM Dr. Arne Babenhauserheide <arne_bab@web.de> wrote: > > Mike Gran <spk121@yahoo.com> writes: > > >>good choice. Basically, I want the user to be able to open a repl shell, > >>but by default it should have *no* bindings except the ones I whitelisted. > > Define a module in a file with the "#:pure" option so that it starts off empty. > … > > Using the real repl is probably a no-go, since it has meta-commands > > like ",m" that would let the user ignore your whitelist. > > > > I didn't really test this, but it should be mostly correct. > > Sandboxed Evaluation may also be interesting for this: > https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html > (to prevent users from blocking the process) Yeah, I agree that (ice-9 sandbox) is the best option available right now. Not bulletproof but covers a lot of important details that just using a pure module would not. This might be a difficult exercise for someone new to Guile, but the 'eval-in-sandbox' procedure looks like it provides the essential piece for a sandboxed REPL. You could define a custom language (see (system base language)) that uses that procedure as its evaluator. You'd then write a script that runs a REPL via (system repl repl) using that custom language. Guix's bournish shell (and monad REPL) does this trick: https://git.savannah.gnu.org/cgit/guix.git/tree/guix/build/bournish.scm#n267 So does Spritely Goblins (I wrote this code): https://gitlab.com/spritely/guile-goblins/-/blob/main/goblins/repl.scm#L206 Neither use sandboxing, but they should serve as good examples of the basic "custom language that is just Scheme with a different evaluator" + REPL pattern. I'd be curious to what extent sandboxing would break metacommands, and which metacommands could circumvent the sandbox. One easy, but hacky, option would be to just punt on figuring that out and clear the command table: (set! (@@ (system repl command) *command-table*) '()) > If you want a long term view for the most powerful approach that > preserves allow-listing, see Spritely Goblins: > https://spritely.institute/files/docs/guile-goblins/latest/A-simple-greeter.html It is not currently safe to evaluate untrusted code with Goblins, and it doesn't sound like Ryan is trying to build a distributed network application so probably Goblins isn't a good fit. However, it is on the Spritely roadmap to write a secure Scheme subset (codename Oaken, see https://spritelyproject.org) built on object capability security principles. Oaken would be hosted on the Guile VM. When that's ready I will happily encourage its use. For now, (ice-9 sandbox) is the way to go if Ryan wants to proceed with using Guile. tl;dr: I think Ryan could make this work. Good luck with your project, Ryan! - Dave ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Evaluation with function whitelist 2023-07-15 14:09 ` Thompson, David @ 2023-07-15 20:05 ` Ryan Raymond 2023-07-15 21:01 ` Dr. Arne Babenhauserheide 0 siblings, 1 reply; 8+ messages in thread From: Ryan Raymond @ 2023-07-15 20:05 UTC (permalink / raw) To: Thompson, David; +Cc: Dr. Arne Babenhauserheide, Mike Gran, Guile User Mike, you are truly a lifesaver. My work uses an in-house programming language that really is not too great, but now I finally have a chance to change their minds. Thank you so much! This appears to do exactly what I need. Dr. Arne, I will certainly use sandboxed evaluation as you have suggested. I wasn't able to use it to enter a new lexical scope, but it will be good to protect things beyond that (like infinite loops). David, Goblins looks interesting. The code you wrote is so elegant. It looks nothing like corporate code. The premise of the project is interesting. I'll have to look into it. It's sort of bending my mind (a lot like lisp at first). Thank you, all. I think it's safe to consider this matter concluded! Ryan On Sat, Jul 15, 2023 at 9:09 AM Thompson, David <dthompson2@worcester.edu> wrote: > Hey Ryan, Mike, Arne, > > On Sat, Jul 15, 2023 at 6:48 AM Dr. Arne Babenhauserheide > <arne_bab@web.de> wrote: > > > > Mike Gran <spk121@yahoo.com> writes: > > > > >>good choice. Basically, I want the user to be able to open a repl > shell, > > >>but by default it should have *no* bindings except the ones I > whitelisted. > > > Define a module in a file with the "#:pure" option so that it starts > off empty. > > … > > > Using the real repl is probably a no-go, since it has meta-commands > > > like ",m" that would let the user ignore your whitelist. > > > > > > I didn't really test this, but it should be mostly correct. > > > > Sandboxed Evaluation may also be interesting for this: > > > https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html > > (to prevent users from blocking the process) > > Yeah, I agree that (ice-9 sandbox) is the best option available right > now. Not bulletproof but covers a lot of important details that just > using a pure module would not. > > This might be a difficult exercise for someone new to Guile, but the > 'eval-in-sandbox' procedure looks like it provides the essential piece > for a sandboxed REPL. You could define a custom language (see (system > base language)) that uses that procedure as its evaluator. You'd then > write a script that runs a REPL via (system repl repl) using that > custom language. > > Guix's bournish shell (and monad REPL) does this trick: > > https://git.savannah.gnu.org/cgit/guix.git/tree/guix/build/bournish.scm#n267 > So does Spritely Goblins (I wrote this code): > https://gitlab.com/spritely/guile-goblins/-/blob/main/goblins/repl.scm#L206 > > Neither use sandboxing, but they should serve as good examples of the > basic "custom language that is just Scheme with a different evaluator" > + REPL pattern. > > I'd be curious to what extent sandboxing would break metacommands, and > which metacommands could circumvent the sandbox. One easy, but hacky, > option would be to just punt on figuring that out and clear the > command table: > > (set! (@@ (system repl command) *command-table*) '()) > > > If you want a long term view for the most powerful approach that > > preserves allow-listing, see Spritely Goblins: > > > https://spritely.institute/files/docs/guile-goblins/latest/A-simple-greeter.html > > It is not currently safe to evaluate untrusted code with Goblins, and > it doesn't sound like Ryan is trying to build a distributed network > application so probably Goblins isn't a good fit. However, it is on > the Spritely roadmap to write a secure Scheme subset (codename Oaken, > see https://spritelyproject.org) built on object capability security > principles. Oaken would be hosted on the Guile VM. When that's ready > I will happily encourage its use. For now, (ice-9 sandbox) is the way > to go if Ryan wants to proceed with using Guile. > > tl;dr: I think Ryan could make this work. > > Good luck with your project, Ryan! > > - Dave > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Evaluation with function whitelist 2023-07-15 20:05 ` Ryan Raymond @ 2023-07-15 21:01 ` Dr. Arne Babenhauserheide 2023-07-16 2:09 ` Mike Gran 0 siblings, 1 reply; 8+ messages in thread From: Dr. Arne Babenhauserheide @ 2023-07-15 21:01 UTC (permalink / raw) To: Ryan Raymond; +Cc: Thompson, David, Mike Gran, Guile User [-- Attachment #1: Type: text/plain, Size: 260 bytes --] Ryan Raymond <rjraymond@oakland.edu> writes: > Thank you, all. I think it's safe to consider this matter concluded! Great to hear that — good luck! Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Evaluation with function whitelist 2023-07-15 21:01 ` Dr. Arne Babenhauserheide @ 2023-07-16 2:09 ` Mike Gran 2023-07-16 9:31 ` Dr. Arne Babenhauserheide 0 siblings, 1 reply; 8+ messages in thread From: Mike Gran @ 2023-07-16 2:09 UTC (permalink / raw) To: Ryan Raymond, Dr. Arne Babenhauserheide; +Cc: Thompson, David, Guile User Hey all- It was just by weird coincidence that I was working on something quite similar to all this for another side project, which is why I had an answer at hand originally. So I went ahead and checked in a working version of my constrained REPL plus a constrained environment in the (sandy sandy) module found here: https://github.com/spk121/guile-web-sandbox/tree/master/module/sandy Since it was a minor change, I also did one using the (ice-9 sandbox) like Arne suggested. You can see both in sandy.scm in that directory. Regards, Mike Gran ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Evaluation with function whitelist 2023-07-16 2:09 ` Mike Gran @ 2023-07-16 9:31 ` Dr. Arne Babenhauserheide 0 siblings, 0 replies; 8+ messages in thread From: Dr. Arne Babenhauserheide @ 2023-07-16 9:31 UTC (permalink / raw) To: Mike Gran; +Cc: Ryan Raymond, Thompson, David, Guile User [-- Attachment #1: Type: text/plain, Size: 695 bytes --] Mike Gran <spk121@yahoo.com> writes: > So I went ahead and checked in a working version of > my constrained REPL plus a constrained environment in the > (sandy sandy) module found here: > https://github.com/spk121/guile-web-sandbox/tree/master/module/sandy "Containerized web repl" — that sounds awesome! If you want to use websockets to communicate with it, you may be able to take some of my code from dryads wake: https://hg.sr.ht/~arnebab/dryads-sun/browse/game-helpers.w?rev=tip#L458 There were some hacks needed to cleanly forward the websocket to ports in fibers. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-07-16 9:31 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-07-15 3:03 Evaluation with function whitelist Ryan Raymond 2023-07-15 5:45 ` Mike Gran 2023-07-15 10:40 ` Dr. Arne Babenhauserheide 2023-07-15 14:09 ` Thompson, David 2023-07-15 20:05 ` Ryan Raymond 2023-07-15 21:01 ` Dr. Arne Babenhauserheide 2023-07-16 2:09 ` Mike Gran 2023-07-16 9:31 ` Dr. Arne Babenhauserheide
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).