Yes, ou can use `dynamic-require` with a limited code inspector like this: (parameterize ([current-code-inspector (make-inspector)]) (dynamic-require 'untrusted-foo 'foo-provided-name))
At Fri, 22 Oct 2021 12:42:58 -0700 (PDT), "[email protected]" wrote: > Thank you! > > Is it possible to safely load untrusted module with dynamic-require? > > пятница, 22 октября 2021 г. в 22:59:57 UTC+5, Robby Findler: > > > On Fri, Oct 22, 2021 at 12:43 PM Matthew Flatt <[email protected]> wrote: > > > >> At Thu, 21 Oct 2021 07:37:12 -0700 (PDT), "[email protected]" wrote: > >> > I've read about protect-out and current-code-inspector, but I still > >> cannot > >> > understand, how to require a module and forbid it to run protected > >> modules. > >> > > >> > Something like (require untrusted-foo) (foo-proc) but to forbid > >> foo-proc to > >> > use ffi/unsafe. > >> > >> If you use > >> > >> (current-code-inspector (make-inspector)) > >> (require untrusted-foo) > >> > >> > > Just in case: I think Matthew as thinking of two subsequent REPL > > interactions (or calls to eval or suchlike). If you put those two together > > into a file in #lang racket, say, you won't be protected against > > untrusted-foo. > > > > Robby > > > > > >> and assuming that `untrusted-foo` hasn't been loaded earlier, then > >> `untrusted-foo` will not be able to use protected binding. > >> > >> That sequence will also disable the use of protected bindings by > >> anything that `untrusted-foo` depends on and that hasn't already been > >> loaded. So, if you want those dependencies to be able to use untrusted > >> things, you need to load the before `(current-code-inspector > >> (make-inspector))`. > >> > >> -- > >> You received this message because you are subscribed to the Google Groups > >> "Racket Users" group. > >> To unsubscribe from this group and stop receiving emails from it, send an > >> email to [email protected]. > >> > > To view this discussion on the web visit > >> > https://groups.google.com/d/msgid/racket-users/20211022114302.3e4%40sirmail.smtp > s.cs.utah.edu > >> . > >> > > > > -- > You received this message because you are subscribed to the Google Groups > "Racket Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email > to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/racket-users/004de0e0-b25f-4bae-be79-9bdd561a1 > e18n%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/racket-users/20211023102301.11%40sirmail.smtps.cs.utah.edu.
