From 2220452b72e1cb29e971f5921cb7a60745bcf754 Mon Sep 17 00:00:00 2001
From: Matthew Flatt
Date: Mon, 11 Aug 2014 10:48:28 +0100
Subject: [PATCH] racket/place: protect place-creation bindings
Closes PR 14677
---
 .../scribblings/reference/places.scrbl | 17 +++++++++++++----
 .../racket-test/tests/racket/sandbox.rktl | 5 ++++-
 racket/collects/racket/place.rkt | 8 ++++----
 racket/src/racket/src/place.c | 5 +++++
 racket/src/racket/src/schvers.h | 4 ++--
 5 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/pkgs/racket-pkgs/racket-doc/scribblings/reference/places.scrbl b/pkgs/racket-pkgs/racket-doc/scribblings/reference/places.scrbl
index 57c2487711..7b59d14df8 100644
--- a/pkgs/racket-pkgs/racket-doc/scribblings/reference/places.scrbl
+++ b/pkgs/racket-pkgs/racket-doc/scribblings/reference/places.scrbl
@@ -183,7 +183,11 @@ such as a distributed places node produced by @racket[create-place-node]. The @racket[module-path] argument must not be a module path of the form @racket[(#,(racket quote) _sym)] unless the module is predefined (see
- @racket[module-predefined?]).}
+ @racket[module-predefined?]).
+
+The @racket[dynamic-place] binding is protected in the sense of
+ @racket[protect-out], so access to this operation can be prevented
+ by adjusting the code inspector (see @secref["modprotect"]).}
 @defproc[(dynamic-place* [module-path (or/c module-path? path?)]
@@ -228,7 +232,8 @@ The @racket[dynamic-place*] procedure returns four values: ]
-}
+The @racket[dynamic-place*] binding is protected in the same way as
+ @racket[dynamic-place].}
 @defform[(place id body ...+)]{ Creates a place that evaluates @racket[body]
@@ -238,7 +243,9 @@ The @racket[dynamic-place*] procedure returns four values: @racket[body]s are lifted to a function that is exported by the module. The result of @racket[place] is a place descriptor, like the result of @racket[dynamic-place].
-}
+
+The @racket[place] binding is protected in the same way as
+ @racket[dynamic-place].}
 @defform/subs[(place* maybe-port ... id
@@ -251,7 +258,9 @@ The @racket[dynamic-place*] procedure returns four values: and @racket[#:err] expressions (at most one of each) to specify ports in the same way and with the same defaults as @racket[dynamic-place*]. The result of a @racket[place*] form is also the same as for @racket[dynamic-place*].
- }
+
+The @racket[place*] binding is protected in the same way as
+ @racket[dynamic-place].}
 @defproc[(place-wait [p place?]) exact-integer?]{
diff --git a/pkgs/racket-pkgs/racket-test/tests/racket/sandbox.rktl b/pkgs/racket-pkgs/racket-test/tests/racket/sandbox.rktl
index 24a9192817..0d4a8decab 100644
--- a/pkgs/racket-pkgs/racket-test/tests/racket/sandbox.rktl
+++ b/pkgs/racket-pkgs/racket-test/tests/racket/sandbox.rktl
@@ -658,7 +658,10 @@
 (define (try lang)
 (define e (make-evaluator lang))
 (e '(require ffi/unsafe))
- (with-handlers ([exn? exn-message]) (e '(ffi-lib #f))))
+ (with-handlers ([exn? exn-message]) (e '(ffi-lib #f)))
+ (e '(require racket/place))
+ (with-handlers ([exn? exn-message]) (e '(place pch 10)))
+ (with-handlers ([exn? exn-message]) (e '(dynamic-place "x.rkt" 10))))
 (define r1 (try 'racket/base))
 (define r2 (try '(begin)))
 (test #t regexp-match?
diff --git a/racket/collects/racket/place.rkt b/racket/collects/racket/place.rkt
index c0f4b9ba2f..6b8ce784b3 100644
--- a/racket/collects/racket/place.rkt
+++ b/racket/collects/racket/place.rkt
@@ -15,8 +15,8 @@
 (for-syntax racket/base racket/syntax))
-(provide dynamic-place
- dynamic-place*
+(provide (protect-out dynamic-place
+ dynamic-place*)
 place-sleep
 place-wait
 place-kill
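Review bot: The two new `with-handlers` checks in `try` do not strengthen the test on their own, because `try` still returns only its last expression: the `ffi-lib` result, which was the value tested before this change, and the `(place pch 10)` result are now discarded, so only the `dynamic-place` error message reaches the `regexp-match?` test that follows (that test expression continues outside the hunk). Returning all three, e.g. wrapping the three `with-handlers` forms in `(list ...)` and matching each element, keeps the original ffi check asserted alongside the new ones. `place*` and `dynamic-place*`, which place.rkt also protects in this commit, are not exercised here; adding `(with-handlers ([exn? exn-message]) (e '(dynamic-place* "x.rkt" 10)))` would cover at least the procedure form.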
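Review bot: The `protect-out` wrappers added here and in the `@@ -29,8 +29,8 @@` hunk carry no explanation of why these four bindings, and not the module's other exports, are protected; the rationale appears only in the C comment in place.c. A comment above the `provide`, such as `;; Place creation is treated as unsafe: a new place starts with permissive guards (see scheme_init_place in place.c), so the creation bindings are protected with protect-out.`, keeps the reason next to the code it governs. Merging the two `protect-out` groups into one would also let a reader see the full protected set at a glance instead of having it split across the export list.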
@@ -29,8 +29,8 @@
 place-message-allowed?
 place-channel-put/get
 processor-count
- place
- place*
+ (protect-out place
+ place*)
 (rename-out [pl-place-enabled? place-enabled?])
 place-dead-evt
 place-location?
diff --git a/racket/src/racket/src/place.c b/racket/src/racket/src/place.c
index 7e1f1b4978..33b7b476ec 100644
--- a/racket/src/racket/src/place.c
+++ b/racket/src/racket/src/place.c
@@ -155,6 +155,11 @@ void scheme_init_place(Scheme_Env *env)
 scheme_finish_primitive_module(plenv);
+ /* Treat place creation as "unsafe", since the new place starts with permissive guards that can access unsafe features that affect existing places. */
+ scheme_protect_primitive_provide(plenv, scheme_intern_symbol("dynamic-place"));
+
 #ifdef MZ_USE_PLACES
 REGISTER_SO(all_child_places);
diff --git a/racket/src/racket/src/schvers.h b/racket/src/racket/src/schvers.h
index 430bb91808..988a4c9976 100644
--- a/racket/src/racket/src/schvers.h
+++ b/racket/src/racket/src/schvers.h
@@ -13,12 +13,12 @@
 consistently.) */
-#define MZSCHEME_VERSION "6.1.0.4"
+#define MZSCHEME_VERSION "6.1.0.5"
 #define MZSCHEME_VERSION_X 6
 #define MZSCHEME_VERSION_Y 1
 #define MZSCHEME_VERSION_Z 0
-#define MZSCHEME_VERSION_W 4
+#define MZSCHEME_VERSION_W 5
 #define MZSCHEME_VERSION_MAJOR ((MZSCHEME_VERSION_X * 100) + MZSCHEME_VERSION_Y)
 #define MZSCHEME_VERSION_MINOR ((MZSCHEME_VERSION_Z * 1000) + MZSCHEME_VERSION_W)
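Review bot: Only the `dynamic-place` export of `plenv` is protected by the new `scheme_protect_primitive_provide` call; if the primitive module finished on the preceding line exports any other entry point that creates a place (its exports are registered above the hunk and are not visible here), that symbol needs the same call, or the module-wide form `scheme_protect_primitive_provide(plenv, NULL)` if every export of this primitive module is meant to be unsafe. The Racket-level `racket/place` module protects `dynamic-place*`, `place` and `place*` as well as `dynamic-place` in this same commit, so the C-level protected set should be checked against that list rather than assumed to be a single symbol. The added comment states the rationale well; `scheme_init_place` starts and ends outside the hunk.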