From: Mark Raynsford
To: Per Bothner
Cc: kawa@sourceware.org
Date: Wed, 22 Nov 2017 20:58:00 -0000
Subject: Re: Sandboxing Kawa
Message-ID: <20171122205752.2ef2fdd9@copperhead.int.arc7.info>
References: <20171122111055.21383f32@copperhead.int.arc7.info>

On 2017-11-22T20:57:31 +0100 Per Bothner wrote:
> On 11/22/2017 12:10 PM, Mark Raynsford wrote:
> > I have the following questions after playing with the Kawa API a bit:
> >
> > 1. Is it possible to restrict the initially available symbols in a
> > kawa.standard.Scheme instance to a tiny core subset (such as lambda,
> > if, define, begin, etc)? A default Scheme instance in Kawa has 807
> > symbols in the environment.
>
> The default Kawa environment is defined by the (two) calls to
> loadClass("kawa.lib.kawa.base", xxx) in kawa/standard/Scheme.java.
> So all of the initially visible names are defined by kawa.lib.kawa.base
> (defined in kawa/lib/kawa/base.scm). So you can replace kawa.lib.kawa.base
> with a "smaller" initial library.
>
> I suggested creating sub-classes of kawa.standard.Scheme and
> kawa.standard.SchemeCompilation.
>
> In addition you need to override checkDefaultBinding from
> SchemeCompilation. The easiest and most reliable is just to have it return null.

Right.

> > 2. Is it possible to restrict the interpreter to only working with a
> > single java.nio.file.FileSystem? I'd like it if any attempt to do I/O
> > went through a given filesystem instance. I don't mind if I have to
> > implement my own I/O library to do this.
> >
> > 3. Is it possible to restrict the classes that the interpreter is
> > allowed to access or import? For example, right now nothing stops
> > someone from writing (java.lang.System:exit 0).
>
> Both of these require disabling "backdoors" to Java classes, methods,
> fields. Overriding checkDefaultBinding and maybe the colon
> operator should do that.

OK, thanks! I'll try those as a first pass implementation.

-- 
Mark Raynsford | http://www.io7m.com
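Added example (not code from the thread or from the Kawa project): a first-pass sandbox along the lines Per suggests, subclassing kawa.standard.Scheme and kawa.standard.SchemeCompilation and making checkDefaultBinding return null so that colon notation such as java.lang.System:exit no longer resolves to a JVM member. The constructor and method signatures (SchemeCompilation(Language, SourceMessages, NameLookup), getCompilation(Lexer, SourceMessages, NameLookup), a public no-arg Scheme constructor, Scheme.eval(String)) are assumed for the Kawa release in use; this covers only the checkDefaultBinding step, not the smaller replacement for kawa.lib.kawa.base.

```java
import gnu.expr.Compilation;
import gnu.expr.Expression;
import gnu.expr.Language;
import gnu.expr.NameLookup;
import gnu.mapping.Symbol;
import gnu.text.Lexer;
import gnu.text.SourceMessages;
import kawa.lang.Translator;
import kawa.standard.Scheme;
import kawa.standard.SchemeCompilation;

// Hypothetical sandbox subclass; signatures below are assumptions.
public final class SandboxedScheme extends Scheme {

  // A compilation that never synthesizes a binding on demand. Any name
  // not explicitly defined in the environment (including colon notation
  // like java.lang.System:exit) becomes an unbound-variable error instead
  // of a reflective reference into the JVM.
  static final class SandboxedCompilation extends SchemeCompilation {
    SandboxedCompilation(Language lang, SourceMessages msgs, NameLookup lexical) {
      super(lang, msgs, lexical); // assumed constructor signature
    }

    @Override
    public Expression checkDefaultBinding(Symbol name, Translator tr) {
      return null; // the "easiest and most reliable" option from the thread
    }
  }

  @Override
  public Compilation getCompilation(Lexer lexer, SourceMessages messages, NameLookup lexical) {
    return new SandboxedCompilation(this, messages, lexical); // assumed override point
  }

  public static void main(String[] args) throws Throwable {
    SandboxedScheme s = new SandboxedScheme();
    // Names the base library defines, such as +, still resolve.
    System.out.println(s.eval("(+ 1 2)"));
    // A colon-notation Java call should now fail at compile time rather
    // than terminating the JVM.
    try {
      s.eval("(java.lang.System:exit 0)");
      System.out.println("NOT blocked: sandbox is incomplete");
    } catch (Throwable t) {
      System.out.println("blocked: " + t);
    }
  }
}
```

The second eval is the check worth keeping in a test suite: if it ever succeeds, the sandbox has regressed and untrusted Scheme can reach arbitrary Java again.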