(I said "mark" meaning continuation mark. FWIW.)

On Sun, Jan 15, 2012 at 7:05 PM, Eli Barzilay <e...@barzilay.org> wrote:
> Yesterday, Robby Findler wrote:
>> Perhaps the right thing is to have the setup code export a small
>> library that contains a "is my mark bound in the context" function
>> and then the sandbox can call that function when deciding whether or
>> not to grant permission.
>>
>> (That has the dependencies going the right way, right?)
>
> Yes. But I'd like to hear Matthew's opinion before hacking something
> like that in.
>
> The thing that bothers me about this solution is that there might be
> some other code that needs to be treated as privileged too, and in
> that case the sandbox will need to invoke each file's predicate (they
> won't be able to share this functionality since the actual values must
> be hidden). For this reason, and assuming that this is a proper
> solution, the parameter is better put at the "highest" entry point to
> the privileged code. I suspect that this means that it should be part
> of the resolver, but only in the built-in unconfigurable core
> (otherwise you can circumvent protection by a configured malicious
> resolver), so perhaps this has to be done in the C core.
>
> It's also not clear to me if a whole parameter is needed, or just a
> continuation mark.
>
> --
> ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
>                                                   http://barzilay.org/                   Maze is Life!
____________________ Racket Users list: http://lists.racket-lang.org/users
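The scheme discussed above (privileged code keeps its continuation-mark key private and exports only a predicate, which the sandbox consults before granting permission), as an added example in Racket that is not code from the thread or from Racket's own sandbox; the module names, `call-with-privilege`, `privileged-context?` and `guarded-op` are assumed names for illustration:

```racket
#lang racket
;; Added example, not from the thread. The "privileged" module keeps
;; its mark key hidden and exports only (a) an entry point that sets the
;; mark and (b) a predicate that reports whether the mark is in the
;; current continuation. The "sandbox" module never sees the key.

(module privileged racket
  (provide call-with-privilege privileged-context?)
  ;; Private key: nothing outside this module can forge the mark.
  (define key (make-continuation-mark-key 'privileged))
  ;; Highest entry point into privileged code: mark the frame, run thunk.
  (define (call-with-privilege thunk)
    (with-continuation-mark key #t (thunk)))
  ;; The only thing exported about the key: is it bound right now?
  ;; #f as the mark set means "inspect the current continuation".
  (define (privileged-context?)
    (continuation-mark-set-first #f key #f)))

(module sandbox racket
  (require (submod ".." privileged))
  (provide guarded-op)
  ;; Permission decision delegated to the predicate, not to a shared value.
  (define (guarded-op name)
    (if (privileged-context?)
        (format "~a: granted" name)
        (format "~a: denied" name))))

(require 'sandbox 'privileged)
(guarded-op "write-file")                                   ; "write-file: denied"
(call-with-privilege (lambda () (guarded-op "write-file"))) ; "write-file: granted"
```

Because the predicate only answers yes or no, each privileged library would need its own key and predicate, which is the sharing problem the thread raises.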