20 minutes ago, Nadeem Abdul Hamid wrote:
>
> In general, any scenario where you need to dynamically load
> *untrusted* code might be a situation where you would want to use a
> sandbox to isolate that code from your program and yet still be able
> to interact with it to some degree. If all you wanted to do was
> dynamically load code that you trust (i.e. you wrote yourself, or
> trust the source), then instead of a sandbox there are other
> mechanisms to do that more directly (things like 'eval',
> 'dynamic-require', 'load', etc.)
Security is of course the main use of a sandbox, but the isolation aspect
is important too. For example, you want to run some code and make sure
that it has a "clean" environment and that it cannot interact with your
own environment. It's true that there are all of these tools -- like
creating a new namespace to evaluate the code, wrapping the code in a new
custodian, diverting its IO, etc. -- and the sandbox library is basically
doing all of that. For an example, consider DrRacket running your
code[*]. The `call-with-trusted-sandbox-configuration' function
encapsulates a sandbox configuration for such cases.

([*] It's not using the sandbox library, but that's mostly because it's
older.)

--
          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                    http://barzilay.org/                   Maze is Life!

____________________
  Racket Users list:
  http://lists.racket-lang.org/users
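The isolation mechanics named in the reply above (a fresh namespace, a separate custodian, diverted IO, resource limits) as a single runnable sketch using the `racket/sandbox` library. This is an added example, not code from the thread or from the Racket project; the `run-untrusted` helper, the `secret` binding and the sample expressions are constructed for the illustration, and the file path is an arbitrary example path. It relies on `make-evaluator` keeping its default security guard, which denies filesystem reads outside Racket's own collection directories.

```racket
#lang racket
;; Added example (not from the original thread): running untrusted code
;; under racket/sandbox with the isolation points discussed above.
(require racket/sandbox)

;; Each evaluation gets a fresh racket/base namespace, its own custodian,
;; captured output, and a limit of 2 seconds of CPU and 20 MB of memory.
(define ev
  (parameterize ([sandbox-output 'string]
                 [sandbox-error-output 'string]
                 [sandbox-eval-limits '(2 20)])
    (make-evaluator 'racket/base)))

;; Helper constructed for this example: evaluate one expression in the
;; sandbox and turn the outcome into a tagged list, so the host program
;; never handles raw exceptions coming out of untrusted code.
(define (run-untrusted expr)
  (with-handlers ([exn:fail:resource?
                   (lambda (e) (list 'resource-limit (exn-message e)))]
                  [exn:fail?
                   (lambda (e) (list 'error (exn-message e)))])
    (list 'ok (ev expr))))

;; Pure computation runs normally and its value comes back tagged 'ok.
(run-untrusted '(+ 1 2))

;; The sandbox namespace only sees racket/base: a binding defined here on
;; the host side (constructed for the example) is unbound inside it.
(define secret "host-only value")
(run-untrusted 'secret)

;; Filesystem reads are refused by the default security guard, so this
;; comes back tagged 'error instead of leaking host data (example path).
(run-untrusted '(with-input-from-file "/etc/hostname" read-line))

;; Anything the sandboxed code displays is captured, not written to the
;; host's stdout; the host decides whether to show it.
(run-untrusted '(display "hello from the sandbox"))
(get-output ev)

;; A runaway loop is cut off by the time limit and reported as
;; 'resource-limit instead of hanging the host.
(run-untrusted '(let loop () (loop)))

;; Shutting down the evaluator shuts down its custodian and everything
;; (threads, ports) the sandboxed code created under it.
(kill-evaluator ev)
```

The point of wrapping the evaluator in `run-untrusted` is that the host program keeps a single, narrow interface to the untrusted code: tagged results in, tagged results out, with resource exhaustion handled separately from ordinary errors. For code you trust, as the quoted message says, `eval` or `dynamic-require` would do, and `call-with-trusted-sandbox-configuration` is the sandbox-library route when you want the clean environment without the restrictions.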