On Sun, Nov 22, 2015 at 11:06:05AM +0100, Arne Babenhauserheide wrote:
> On Saturday, 21 November 2015, 13:35:12, Matthew Keeter wrote:
> > If I were to replace Python with Guile, is there a way to sandbox it so
> > that arbitrary (perhaps malicious) user-provided scripts can be run safely?
>
> The languages which try to do that are Java and Javascript, and they
> have several bugs connected to this every year (i.e. allowing
> execution of code with elevated privileges).
>
> To make this safe, you could follow the route described by Pascal:
> Define a restricted sub-language which is not turing-complete. You can
I think the problem isn't Turing completeness. It's the access to the
whole machine environment. Still a tall order.

As another point, the Tcl community has had something they call "safe"
for quite a while (they can have several interpreters in one executable
and can instantiate so-called "safe" interpreters [1]). Might be worth a
look (for inspiration -- or for use).

[1] <http://wiki.tcl.tk/4204>

--
t
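An added illustration of the Tcl mechanism mentioned above (example code written for this page, not taken from the thread or from the Tcl wiki): a "safe" child interpreter keeps a script fully Turing-complete while removing its reach into the host environment, and the parent can hand back single capabilities through aliases. It assumes a Tcl 8.5 or later `tclsh`; the `log_line` command and the sample script are constructed for the example.

```tcl
# A safe child interpreter: untrusted code runs here, not in the parent.
set child [interp create -safe]

# The safe base hides the commands that touch the machine environment
# (exec, open, socket, file, cd, source, load, exit, ...).
puts "hidden in child: [interp hidden $child]"

# Untrusted script: still Turing-complete (procs, recursion, arithmetic).
set untrusted {
    proc fact {n} {
        if {$n <= 1} { return 1 }
        expr {$n * [fact [expr {$n - 1}]]}
    }
    fact 10
}
puts "fact 10 -> [interp eval $child $untrusted]"

# The same script cannot reach the filesystem: "open" is not a command
# inside the child, so the call fails before any I/O happens.
if {[catch {interp eval $child {open secret.txt r}} err]} {
    puts "blocked: $err"
}

# Expose exactly one host capability. The alias runs log_line in the
# parent; the child never sees puts/stderr handling itself.
proc log_line {msg} { puts stderr "[clock format [clock seconds]] $msg" }
interp alias $child log {} log_line
interp eval $child {log "hello from the sandbox"}

# Turing completeness is the remaining risk (runaway loops), so cap the
# number of commands the child may execute (Tcl 8.5+).
interp limit $child command -value 100000
if {[catch {interp eval $child {while 1 {}}} err]} {
    puts "limited: $err"
}

interp delete $child
```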