At Sun, 9 Sep 2018 18:52:57 -0700 (PDT), Jack Firth wrote:
> If I make a symbol with `gensym` (or do anything else that creates a new
> value that's not `eq?` to any other value) in some module, what are the
> absolute upper limits on my ability to use that symbol within the module
> without allowing any other modules to get ahold of the symbol? What do code
> inspectors, namespaces, sandboxes, eval, `unsafe` APIs, the FFI, etc. make
> possible for malicious code in external modules?
If you don't change the code inspector, then a third party can get into the
module body's namespace. So, if you bind the gensym with a definition, that
will be easy to see. If you retain the symbol only through a closure, as
cwebber shows, then getting to the gensym is trickier, but it's still
possible via unsafe APIs. Setting the code inspector should prevent access
to unsafe APIs or anything else that can inspect arbitrary data --- modulo
bugs in the runtime system, of course, but also any bugs in a module that
might make use of unsafe features and get loaded before the code inspector
is changed.

> Context: I'm exploring a "contract witness" idea whose implementation
> currently relies on the eq?-ness of opaque struct instances for security.
> But I vaguely recall hearing once that the Only Way To Be Sure when it
> comes to struct encapsulation is to put the definition of a struct inside a
> lambda, otherwise some sort of nebulous "bad things" are possible in
> external code that wants to break the invariants of a struct type.

The only difference between being under a `lambda` and not should be whether
the relevant module or top-level namespace is accessible to the code that
you don't trust. Changing the code inspector disables `module->namespace`.
Meanwhile, access to the struct content otherwise would need a more powerful
inspector (i.e., you don't have to change the inspector, but merely refrain
from changing it to an ancestor of the one used to create the structure
type).
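The two points above (a gensym bound by a module-level definition is reachable through `module->namespace`, and installing a weaker code inspector before untrusted code runs closes that route) as an added, runnable illustration that is not part of the thread; the module name `secret` and the identifiers `witness` and `check` are constructed for the example.

```racket
#lang racket/base
;; Added example (not from the thread). A module keeps a gensym in a
;; module-level definition; outside code reaches it via module->namespace
;; under the default code inspector, and is refused under a weaker one.

(define ns (make-base-namespace))

;; The module that wants to keep `witness` private. `witness` is bound by
;; a definition, which is the "easy to see" case from the reply above.
(parameterize ([current-namespace ns])
  (eval '(module secret racket/base
           (provide check)
           (define witness (gensym 'witness))
           (define (check v) (eq? v witness))))
  (eval '(require 'secret)))

;; Route 1: under the code inspector that was current when `secret` was
;; declared, module->namespace hands back the module body's namespace and
;; `witness` is an ordinary binding in it. Returns the result of `check`
;; applied to the symbol obtained from outside the module.
(define (probe-with-default-inspector)
  (parameterize ([current-namespace ns])
    (define obtained (eval 'witness (module->namespace ''secret)))
    ((eval 'check) obtained)))

;; Route 2: a child (weaker) code inspector is installed before the
;; untrusted code runs. module->namespace now raises exn:fail:contract,
;; so the symbol is never reached. Returns 'blocked in that case.
(define (probe-with-weakened-inspector)
  (parameterize ([current-namespace ns]
                 [current-code-inspector
                  (make-inspector (current-code-inspector))])
    (with-handlers ([exn:fail:contract? (lambda (e) 'blocked)])
      (eval 'witness (module->namespace ''secret))
      'reached)))

(module+ main
  (printf "default inspector:  ~a\n" (probe-with-default-inspector))
  (printf "weakened inspector: ~a\n" (probe-with-weakened-inspector)))
```

Run it with `racket file.rkt`; the second probe only stays blocked if the inspector is weakened before any untrusted module is loaded, which is the ordering caveat the reply makes about unsafe features.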