From: "Thompson, David"
Newsgroups: gmane.lisp.guile.user
Subject: Re: Evaluation with function whitelist
Date: Sat, 15 Jul 2023 10:09:41 -0400
References: <314930819.342984.1689399952041@mail.yahoo.com> <877cr178o2.fsf@web.de>
In-Reply-To: <877cr178o2.fsf@web.de>
To: "Dr. Arne Babenhauserheide"
Cc: Mike Gran, Ryan Raymond, Guile User
Xref: news.gmane.io gmane.lisp.guile.user:19094

Hey Ryan, Mike, Arne,

On Sat, Jul 15, 2023 at 6:48 AM Dr. Arne Babenhauserheide wrote:
>
> Mike Gran writes:
>
> >> good choice. Basically, I want the user to be able to open a repl shell,
> >> but by default it should have *no* bindings except the ones I whitelisted.
> > Define a module in a file with the "#:pure" option so that it starts off empty.
> …
> > Using the real repl is probably a no-go, since it has meta-commands
> > like ",m" that would let the user ignore your whitelist.
> >
> > I didn't really test this, but it should be mostly correct.
>
> Sandboxed Evaluation may also be interesting for this:
> https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html
> (to prevent users from blocking the process)

Yeah, I agree that (ice-9 sandbox) is the best option available right now.
Not bulletproof, but it covers a lot of important details that just using a
pure module would not.

This might be a difficult exercise for someone new to Guile, but the
'eval-in-sandbox' procedure looks like it provides the essential piece for a
sandboxed REPL. You could define a custom language (see (system base
language)) that uses that procedure as its evaluator. You'd then write a
script that runs a REPL via (system repl repl) using that custom language.
Guix's bournish shell (and monad REPL) does this trick:
https://git.savannah.gnu.org/cgit/guix.git/tree/guix/build/bournish.scm#n267

So does Spritely Goblins (I wrote this code):
https://gitlab.com/spritely/guile-goblins/-/blob/main/goblins/repl.scm#L206

Neither uses sandboxing, but they should serve as good examples of the basic
"custom language that is just Scheme with a different evaluator" + REPL
pattern.

I'd be curious to what extent sandboxing would break metacommands, and which
metacommands could circumvent the sandbox. One easy, but hacky, option would
be to just punt on figuring that out and clear the command table:

  (set! (@@ (system repl command) *command-table*) '())

> If you want a long term view for the most powerful approach that
> preserves allow-listing, see Spritely Goblins:
> https://spritely.institute/files/docs/guile-goblins/latest/A-simple-greeter.html

It is not currently safe to evaluate untrusted code with Goblins, and it
doesn't sound like Ryan is trying to build a distributed network application,
so probably Goblins isn't a good fit. However, it is on the Spritely roadmap
to write a secure Scheme subset (codename Oaken, see
https://spritelyproject.org) built on object capability security principles.
Oaken would be hosted on the Guile VM. When that's ready I will happily
encourage its use. For now, (ice-9 sandbox) is the way to go if Ryan wants to
proceed with using Guile.

tl;dr: I think Ryan could make this work.

Good luck with your project, Ryan!

- Dave
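The "Scheme with a different evaluator" + REPL pattern described in the reply, wired to eval-in-sandbox and combined with the command-table hack, as an added example that is not code from the thread, Guile, Guix or Goblins. It assumes Guile 3.x with the (ice-9 sandbox), (system base language) and (system repl repl) APIs as documented in the Guile manual, including the predefined binding sets core-bindings, number-bindings, list-bindings and string-bindings; as the reply notes, the sandbox is not bulletproof, so treat the resource limits and allow-list as defence in depth rather than a hard security boundary.

```scheme
;; sandboxed-repl.scm -- added example, not from the thread or any project.
;; Assumes Guile 3.x; run with: guile -l sandboxed-repl.scm
(use-modules (ice-9 sandbox)
             (system base language)
             (system repl repl)
             (system repl command))

;; Allow-list of bindings the user may see: only pure computation, no
;; ports, filesystem, module or eval access.  Built from the binding sets
;; that (ice-9 sandbox) exports.
(define allowed-bindings
  (append core-bindings number-bindings list-bindings string-bindings))

;; One persistent sandbox module so user `define's survive between REPL
;; inputs.  make-sandbox-module copies only the allow-listed bindings in.
(define sandbox-module (make-sandbox-module allowed-bindings))

;; The evaluator the REPL will call for every form.  The REPL passes its
;; own current module as ENV; we ignore it and always evaluate inside the
;; sandbox module, with CPU and allocation limits so a user cannot hang or
;; exhaust the process.  #:sever-module? #f keeps the module usable across
;; evaluations instead of detaching it after each one.
(define (sandboxed-evaluator exp env)
  (eval-in-sandbox exp
                   #:module sandbox-module
                   #:sever-module? #f
                   #:time-limit 0.5            ; seconds before 'limit-exceeded
                   #:allocation-limit 10000000)) ; bytes before 'limit-exceeded

;; A language that is Scheme in every respect except evaluation: the
;; standard reader and printer, no compilers (so the REPL must use the
;; evaluator rather than compiling forms in the host module).
(define-language sandboxed-scheme
  #:title "Sandboxed Scheme"
  #:reader (lambda (port env) (read port))
  #:compilers '()
  #:decompilers '()
  #:evaluator sandboxed-evaluator
  #:printer write
  #:make-default-environment (lambda () sandbox-module))

;; The hack suggested in the reply: with an empty command table, meta
;; commands such as ",m" or ",use" are rejected as unknown, so they cannot
;; be used to leave the sandbox module or import extra bindings.
(set! (@@ (system repl command) *command-table*) '())

;; Start the REPL with the custom language object instead of a symbol.
(start-repl sandboxed-scheme)
```

At the resulting prompt, `(+ 1 2)` and `(define (sq x) (* x x))` work, while forms such as `(open-input-file "/etc/hostname")` fail with an unbound-variable error because that binding was never copied into the sandbox module.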