i think it is possible to restrict the bindings available for code that
is evaluated with eval-in-sandbox. eval-in-sandbox accepts a keyword
argument named #:module for supplying a module object which gives all
bindings that will be available to the evaluated code. a module with the
allowed bindings can be created with make-sandbox-module.
here is an example:
```
(import (ice-9 sandbox))
(define env (make-sandbox-module (list (quote ((guile) display
string-append)))))
(define result
(eval-in-sandbox (quote (display string-append)) #:time-limit 2
#:module env))
```
when i remove string-append from the list, the code evaluation fails
with an unbound variable exception. the argument to make-sandbox-module
is a list of lists, where for each the first element is a module name
and the rest are binding names to include from that module. there are a
few default sets, for example the variables string-bindings,
list-bindings, number-bindings, etc.
the preset sets are also just lists and can be appended
```
(make-sandbox-module
(append
core-bindings string-bindings symbol-bindings list-bindings
number-bindings
(quote (
((my example module) link-files include-files)))))
```
if eval-in-sandbox would not exist, one would perhaps use eval from
(rnrs eval), which can also take a module that restricts available
features.
