Re: Embedding Guile with sandboxing

2015-11-25 Thread tomas 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, Nov 22, 2015 at 11:06:05AM +0100, Arne Babenhauserheide wrote:
> Am Samstag, 21. November 2015, 13:35:12 schrieb Matthew Keeter:
> > If I were to replace Python with Guile, is there a way to sandbox it so 
> > that arbitrary (perhaps
> > malicious) user-provided scripts can be run safely?
> 
> The languages which try to do that are Java and Javascript, and they
> have several bugs connected to this every year (which i.e. allowing
> execution of code with elevated priviledges).
> 
> To make this safe, you could follow the route described by Pascal:
> Define a restricted sub-language which is not turing-complete. You can

I think the problem isn't Turing completeness. It's the access to
the whole machine environment.

Still a tall order.

As another point, the Tcl community has had something they call "safe"
for quite a while (they can have several interpreters in one executable
and can instantiate so-called "safe" interpreters [1]). Might be worth
a look (for inspiration -- or for use).

[1] 

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlZVln4ACgkQBcgs9XrR2kYQyQCfTADGl0E80DtDZcCvuCcBhdhe
lZcAn2O4S4bQbWYtVcJUP/S/R/IlBJdg
=3+xj
-END PGP SIGNATURE-

Re: list of guile related projects

2015-11-25 Thread Alex Vong 
It would be great to add `GNU Make` to `guile integration or other
combination` as well according to
.

Cheers,
Alex

On 24/11/2015, tantalum  wrote:
> here is a list of projects with code that guile can run and projects that
> use guile:
>
> http://sph.mn/content/3e73
>
> i made this list and would be interested in hearing about projects i have
> missed.
>
>

Re: list of guile related projects

2015-11-25 Thread Christopher Allan Webber 
tantalum writes:

> here is a list of projects with code that guile can run and projects that use 
> guile:
>
> http://sph.mn/content/3e73
>
> i made this list and would be interested in hearing about projects i have 
> missed.

Might be nice to have 8sync on there, but admittedly there's not a 0.1
release out yet, so it's early times:

  https://notabug.org/cwebber/8sync

Re: Embedding Guile with sandboxing

2015-11-25 Thread Christopher Allan Webber 
Antimony looks really cool!

I agree that Guile doesn't provide a silver bullet here.  Again, I think
it can be done... though I think it'll require a lot of yak hair
traversal to get to that point :)

Good luck, have fun, and happy hacking!

Re: list of guile related projects

2015-11-25 Thread Pjotr Prins 
Someone should update the wikipedia page on Guile :)

On Wed, Nov 25, 2015 at 08:33:46AM -0600, Christopher Allan Webber wrote:
> tantalum writes:
> 
> > here is a list of projects with code that guile can run and projects that 
> > use guile:
> >
> > http://sph.mn/content/3e73
> >
> > i made this list and would be interested in hearing about projects i have 
> > missed.
> 
> Might be nice to have 8sync on there, but admittedly there's not a 0.1
> release out yet, so it's early times:
> 
>   https://notabug.org/cwebber/8sync
> 

--