This is the mail archive of the guile@sourceware.cygnus.com mailing list for the Guile project.
Re: Safe Guile?
- To: orre at nada dot kth dot se (Roland Orre)
- Subject: Re: Safe Guile?
- From: thi <ttn at mingle dot glug dot org>
- Date: Wed, 17 Nov 1999 11:06:49 -0800 (PST)
- Cc: Jost Boekemeier <jostobfe at calvados dot zrz dot TU-Berlin dot DE>, "Marisha Ray & Neil Jerram" <mpriz at dircon dot co dot uk>, Olivier dot Buechel at unifr dot ch, knotwell at f5 dot com, guile at sourceware dot cygnus dot com
- References: <199911171340.OAA26415@faun.nada.kth.se>
- Reply-To: ttn at netcom dot com
Roland Orre writes:
> No, at the moment there is no simple way to avoid getting all definitions
> from the root guile module.
>
> [snip]
>
> The only necessary addition which would be needed to the module system
> would be a control option telling that you don't want the root module,
> like:
>
> [...]
>
> (define-module (my-safe-schme)
> :norootmodule

i think allowing user extension of `define-module' is the way to go:
http://sourceware.cygnus.com/ml/guile/1999-10/msg00018.html

> :use-module (safe-scheme))
> ; Here in this module we can now only perform operations
> ; we consider safe, but not e.g load-module, set-current-module etc
> ; which would be too powerful, as a lot of other stuff which is
> ; hard to have control over.
> ;;;;;;;;;;;;;;;
>
> [snip]
>
> We already have a powerful module system which is now also being
> improved (rewritten?) by Jost and by defining security as modules you
> can have a very strict and precise control of your security needs.

i hope module system (re)implementors consider a user hook, as it can be
used to construct a safe-guile (depending on user's definition of safe)
among other things, and helps to avoid current hackery required for true
(ie, complete) utility.

thi
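
The idea discussed in this thread, a module that sees none of the root module's definitions except an explicit whitelist, can be sketched with the first-class module procedures of later Guile releases (2.x or newer is assumed). This is an added example, not part of the original message and not the `:norootmodule` syntax proposed above; `safe-names`, `make-safe-module*` and `safe-eval` are hypothetical names, and the whitelist is constructed for illustration.

```scheme
;; Added illustration: safe-names, make-safe-module* and safe-eval are
;; hypothetical names, not taken from the thread or from Guile itself.

;; Constructed whitelist: the only root bindings the module will see.
(define safe-names
  '(if let lambda define quote + - * = < car cdr cons list null? map))

(define (make-safe-module* names)
  ;; A module from (make-module) has an empty uses list, so nothing
  ;; from the root (guile) module is visible unless it is put there.
  (let ((m (make-module))
        (root (resolve-module '(guile))))
    (for-each
     (lambda (name)
       ;; Copy the value (procedure or syntax) into a fresh variable.
       ;; Sharing the root's variable object instead would let a
       ;; `define' evaluated inside the module overwrite the root
       ;; binding for every other module.
       (module-define! m name (module-ref root name)))
     names)
    m))

(define (safe-eval expr module)
  ;; Return (ok . value) or (error . key) rather than propagating
  ;; the exception to the caller.
  (catch #t
    (lambda () (cons 'ok (eval expr module)))
    (lambda (key . args) (cons 'error key))))

(define sandbox (make-safe-module* safe-names))

;; Uses only whitelisted bindings, so it evaluates normally.
(display (safe-eval '(map (lambda (x) (* x x)) (list 1 2 3)) sandbox))
(newline)

;; set-current-module and current-module were never copied in, so the
;; lookup fails inside the module and safe-eval reports an error pair.
(display (safe-eval '(set-current-module (current-module)) sandbox))
(newline)

;; A redefinition stays local to the module; the root car is untouched.
(safe-eval '(define car cdr) sandbox)
(display (car '(1 2 3)))
(newline)
```

A whitelist of names only limits which bindings can be reached; it does not bound running time or memory, so it covers one part of what a user might mean by safe.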