unofficial mirror of guile-user@gnu.org 
 help / color / mirror / Atom feed
* Re: load in environmento
@ 2007-07-10  6:55 Marco Maggi
  0 siblings, 0 replies; only message in thread
From: Marco Maggi @ 2007-07-10  6:55 UTC (permalink / raw)
  To: guile-user

Ciao,

"Jon Wilson" wrote:
>What does PURIFY-MODULE! actually do? [...] Removes
>bindings in MODULE which are inherited from the (guile)
>module. [...] I think the mechanics of what it does are
>clear enough, but from my understanding of modules, it
>seems essentially useless.

You are right. I have not inspected MAKE-MODULE (shame
on me), I blindly assumed that PURIFY-MODULE! has the
same effect of the '#:pure' option to DEFINE-MODULE.

>Is there any reason why you chose to read and eval
>the file manually rather than using LOAD with the
>current module set to asl-interp?

Because:
1. it does not require the dynamic wind to switch module,
   so the code is shorter;
2. if you have the string, you can preprocess/validate it
   before evaluating it; I know that this is what the ASL
   interpreter is supposed to do...
3. if you modify the code I posted to use some other thing
   than WITH-INPUT-FROM-FILE you can write more user
   friendly error messages in case the file is not loadable;
4. it is not clear to me why Guile allows the invocation
   of LOAD in a pure module, with the dynamic-wind-like
   solution; I think that I understand the mechanics of it
   (when the function is read the symbol LOAD is
   substituted), but IMHO it is an error;
5. if one wants to load a file in ASL, it is better to have
   a specialised version of LOAD in the ASL interpreter
   that checks the file extension, the source directory
   in a selected path, etc, and finally that builds
   more user friendly error messages.

>How can I evaluate the safety of various things I might
>add in?

This needs some thought, it is the same as: how can I
make secure CGI scripts for the web? Random list:

1. deny everything, allow selected;
2. do not allow direct file system access;
3. do not allow direct network access;
4. do not allow direct access to environment variables;
5. do not use EVAL and the like on user expressions
   in the uplevel module;
6. put a limit on the represented data length and the
   number of records, so that they cannot be generated
   in an endless loop (in case you allow looping
   stuff in ASL, which could be useful).

--
Marco Maggi

"They say jump!, you say how high?"
Rage Against the Machine - "Bullet in the Head"



_______________________________________________
Guile-user mailing list
Guile-user@gnu.org
http://lists.gnu.org/mailman/listinfo/guile-user


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2007-07-10  6:55 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-07-10  6:55 load in environmento Marco Maggi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).