racket/place: protect place-creation bindings

Closes PR 14677

pkgs/racket-pkgs/racket-doc/scribblings/reference/places.scrbl

@@ -183,7 +183,11 @@ such as a distributed places node produced by @racket[create-place-node].
 
  The @racket[module-path] argument must not be a module path of the
  form @racket[(#,(racket quote) _sym)] unless the module is predefined (see
- @racket[module-predefined?]).}
+ @racket[module-predefined?]).
+
+The @racket[dynamic-place] binding is protected in the sense of
+ @racket[protect-out], so access to this operation can be prevented
+ by adjusting the code inspector (see @secref["modprotect"]).}
 
 
 @defproc[(dynamic-place* [module-path (or/c module-path? path?)]
@@ -228,7 +232,8 @@ The @racket[dynamic-place*] procedure returns four values:
 
 ]
 
-}
+The @racket[dynamic-place*] binding is protected in the same way as
+ @racket[dynamic-place].}
 
 @defform[(place id body ...+)]{
   Creates a place that evaluates @racket[body]
@@ -238,7 +243,9 @@ The @racket[dynamic-place*] procedure returns four values:
   @racket[body]s are lifted to a function that is exported by
   the module. The result of @racket[place] is a place descriptor,
   like the result of @racket[dynamic-place].
-}
+
+The @racket[place] binding is protected in the same way as
+ @racket[dynamic-place].}
 
 @defform/subs[(place* maybe-port ...
                       id 
@@ -251,7 +258,9 @@ The @racket[dynamic-place*] procedure returns four values:
  and @racket[#:err] expressions (at most one of each) to specify ports in the same way and
  with the same defaults as @racket[dynamic-place*]. The result of
  a @racket[place*] form is also the same as for  @racket[dynamic-place*].
- }
+
+The @racket[place*] binding is protected in the same way as
+ @racket[dynamic-place].}
 
 
 @defproc[(place-wait [p place?]) exact-integer?]{

pkgs/racket-pkgs/racket-test/tests/racket/sandbox.rktl

@@ -658,7 +658,10 @@
   (define (try lang)
     (define e (make-evaluator lang))
     (e '(require ffi/unsafe))
-    (with-handlers ([exn? exn-message]) (e '(ffi-lib #f))))
+    (with-handlers ([exn? exn-message]) (e '(ffi-lib #f)))
+    (e '(require racket/place))
+    (with-handlers ([exn? exn-message]) (e '(place pch 10)))
+    (with-handlers ([exn? exn-message]) (e '(dynamic-place "x.rkt" 10))))
   (define r1 (try 'racket/base))
   (define r2 (try '(begin)))
   (test #t regexp-match?

racket/collects/racket/place.rkt

@@ -15,8 +15,8 @@
          (for-syntax racket/base
                      racket/syntax))
 
-(provide dynamic-place
-         dynamic-place*
+(provide (protect-out dynamic-place
+                      dynamic-place*)
          place-sleep
          place-wait
          place-kill
@@ -29,8 +29,8 @@
          place-message-allowed?
          place-channel-put/get
          processor-count
-         place
-         place*
+         (protect-out place
+                      place*)
          (rename-out [pl-place-enabled? place-enabled?])
          place-dead-evt
          place-location?

racket/src/racket/src/place.c

@@ -155,6 +155,11 @@ void scheme_init_place(Scheme_Env *env)
 
   scheme_finish_primitive_module(plenv);
 
+  /* Treat place creation as "unsafe", since the new place starts with
+     permissive guards that can access unsafe features that affect
+     existing places. */
+  scheme_protect_primitive_provide(plenv, scheme_intern_symbol("dynamic-place"));
+
 #ifdef MZ_USE_PLACES
   REGISTER_SO(all_child_places);
   

racket/src/racket/src/schvers.h

@@ -13,12 +13,12 @@
    consistently.)
 */
 
-#define MZSCHEME_VERSION "6.1.0.4"
+#define MZSCHEME_VERSION "6.1.0.5"
 
 #define MZSCHEME_VERSION_X 6
 #define MZSCHEME_VERSION_Y 1
 #define MZSCHEME_VERSION_Z 0
-#define MZSCHEME_VERSION_W 4
+#define MZSCHEME_VERSION_W 5
 
 #define MZSCHEME_VERSION_MAJOR ((MZSCHEME_VERSION_X * 100) + MZSCHEME_VERSION_Y)
 #define MZSCHEME_VERSION_MINOR ((MZSCHEME_VERSION_Z * 1000) + MZSCHEME_VERSION_W)