After going back and remembering the context, this seems like just the right thing to me.
Robby

On Sun, Jan 15, 2012 at 8:46 PM, Matthew Flatt <mfl...@cs.utah.edu> wrote:
> How about adding `racket/sandbox/keys':
>
>  #lang racket/base
>
>  (provide (protect-out suspend-file-security-key))
>
>  (define suspend-file-security-key (gensym))
>
>  ;; maybe more keys for other sandbox controls
>
> and then have "main-collects.rkt" wrap its use of
> `find-executable-path' to install a mark with this key, which the
> sandbox security guard will recognize as permission to inspect files.
>
> Since the key is protected, it will be inaccessible to untrusted code
> in the same way as unsafe operations.
>
>
> At Sun, 15 Jan 2012 20:05:31 -0500, Eli Barzilay wrote:
>> Yesterday, Robby Findler wrote:
>> > Perhaps the right thing is to have the setup code export a small
>> > library that contains a "is my mark bound in the context" function
>> > and then the sandbox can call that function when deciding whether or
>> > not to grant permission.
>> >
>> > (That has the dependencies going the right way, right?)
>>
>> Yes. But I'd like to hear Matthew's opinion before hacking something
>> like that in.
>>
>> The thing that bothers me about this solution is that there might be some
>> other code that needs to be treated as privileged too, and in that
>> case the sandbox will need to invoke each file's predicate (they won't
>> be able to share this functionality since the actual values must be
>> hidden). For this reason, and assuming that this is a proper
>> solution, the parameter is better put at the "highest" entry point to
>> the privileged code. I suspect that this means that it should be part
>> of the resolver, but only in the built-in unconfigurable core
>> (otherwise you can circumvent protection by a configured malicious
>> resolver), so perhaps this has to be done in the C core.
>>
>> It's also not clear to me if a whole parameter is needed, or just a
>> continuation mark.
>>
>> --
>>           ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
>>                     http://barzilay.org/                   Maze is Life!
>> ____________________
>>   Racket Users list:
>>   http://lists.racket-lang.org/users
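The mechanism Matthew sketches above (a protected key, a continuation mark installed by trusted code, a security guard that checks for the mark) can be written out end to end. The following is an added example, not code from this thread or from Racket's own `racket/sandbox`; the wrapper names `call-with-file-access-suspended`, `find-executable-path*` and `make-restrictive-guard` are assumptions, and the key is inlined here only so the file runs on its own (in the proposal it lives in its own module behind `protect-out`).

```racket
#lang racket/base
;; Added example: a privileged-access key recognized through a continuation mark.
;; NOT the thread's or racket/sandbox's code; names below are assumed.

;; --- the key (in the proposal: a separate `racket/sandbox/keys' module
;;     exporting it with `protect-out', so untrusted code cannot reach it) ---
(define suspend-file-security-key (gensym 'suspend-file-security))

;; --- trusted side: run THUNK with the mark installed on the continuation ---
;; Keep the wrapped region as small as possible: everything in its dynamic
;; extent, including any callback into untrusted code, would be privileged.
(define (call-with-file-access-suspended thunk)
  (with-continuation-mark suspend-file-security-key #t
    (thunk)))

;; The wrapped `find-executable-path' that "main-collects.rkt" would use.
(define (find-executable-path* name)
  (call-with-file-access-suspended
   (lambda () (find-executable-path name))))

;; --- sandbox side: is the mark present in the current continuation? ---
;; This is the "is my mark bound in the context" predicate Robby describes.
(define (file-access-suspended?)
  (continuation-mark-set-first (current-continuation-marks)
                               suspend-file-security-key
                               #f))

;; A guard that denies every file access unless the mark is present.
;; MODES is a list such as '(exists) or '(read write); we ignore it and
;; refuse everything, which is what a sandbox with no filesystem grants does.
(define (make-restrictive-guard)
  (make-security-guard
   (current-security-guard)
   (lambda (who path modes)
     (unless (file-access-suspended?)
       (error who "sandbox: file access denied for ~a (modes ~a)" path modes)))
   (lambda (who host port client?)
     (error who "sandbox: network access denied"))
   (lambda (who from to)
     (error who "sandbox: link creation denied"))))

;; --- demonstration: the same guard, with and without the mark ---
(module+ main
  (parameterize ([current-security-guard (make-restrictive-guard)])
    ;; Goes through the trusted wrapper: permitted.
    (printf "with mark:    ~a\n" (find-executable-path* "racket"))
    ;; Direct probe from "untrusted" code: the guard raises.
    (printf "without mark: ~a\n"
            (with-handlers ([exn:fail? exn-message])
              (file-exists? "/etc/passwd")))))
```

Two points a practitioner should keep in mind when reading this. First, the check is only as strong as the secrecy of the key: a `gensym` exported with `protect-out` is unreachable from code running under a weaker code inspector, which is exactly the property the sandbox already relies on for unsafe operations, but inlining the key in the same module as the sandbox (as done above for self-containment) gives that guarantee away. Second, `continuation-mark-set-first` looks at the whole current continuation, so the mark authorizes anything reached from inside the wrapper's dynamic extent; the wrapper must therefore enclose only the trusted operation itself and never call back into sandboxed code while the mark is set.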