suzanne.soy/racket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Shuffle the sandbox parameters so they make a bit more sense.

Browse Source 
(Specifically, more restrictions come earlier.)
This commit is contained in:
Eli Barzilay 2011-11-02 17:46:40 -04:00
parent 90f7a98dd6
commit 40f3388051
1 changed files with 26 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
collects/racket/sandbox.rkt
View File

@ -878,19 +878,13 @@
(;; create a sandbox context first
[current-custodian user-cust]
[current-thread-group (make-thread-group)]
;; set up the IO context
[current-input-port
(let ([inp (sandbox-input)])
(cond [(not inp) null-input]
[(input->port inp) => values]
[(and (procedure? inp) (procedure-arity-includes? inp 0)) (inp)]
[(eq? 'pipe inp)
(let-values ([(i o) (make-pipe)]) (set! input o) i)]
[else (error who "bad sandbox-input: ~e" inp)]))]
[current-output-port (make-output 'output (sandbox-output)
(lambda (o) (set! output o)))]
[current-error-port (make-output 'error-output (sandbox-error-output)
(lambda (o) (set! error-output o)))]
;; Note the above definition of `current-eventspace': in Racket, it
;; is an unused parameter. Also note that creating an eventspace
;; starts a thread that will eventually run the callback code (which
;; evaluates the program in `run-in-bg') -- so this parameterization
;; must be nested in the above (which is what paramaterize* does), or
;; it will not use the new namespace.
[current-eventspace (parameterize-break #f (make-eventspace))]
;; paths
[current-library-collection-paths
(filter directory-exists?
@ -905,11 +899,6 @@
(read ,(find-lib-dir))
,@(compute-permissions allow)
,@(sandbox-path-permissions))]
;; general info
[current-command-line-arguments '#()]
;; prevent a potential value here from messing up creating the sandboxed
;; module
[current-module-declare-name #f]
;; restrict the sandbox context from this point
[current-security-guard
(let ([g (sandbox-security-guard)]) (if (security-guard? g) g (g)))]
@ -933,20 +922,30 @@
(handler path modname))
;; otherwise, just let the old handler throw a proper error
(handler path modname))))]
;; prevent a potential value here from messing up creating the sandboxed
;; module
[current-module-declare-name #f]
;; set up the IO context
[current-input-port
(let ([inp (sandbox-input)])
(cond [(not inp) null-input]
[(input->port inp) => values]
[(and (procedure? inp) (procedure-arity-includes? inp 0)) (inp)]
[(eq? 'pipe inp)
(let-values ([(i o) (make-pipe)]) (set! input o) i)]
[else (error who "bad sandbox-input: ~e" inp)]))]
[current-output-port (make-output 'output (sandbox-output)
(lambda (o) (set! output o)))]
[current-error-port (make-output 'error-output (sandbox-error-output)
(lambda (o) (set! error-output o)))]
;; no exiting
[exit-handler
(let ([h (sandbox-exit-handler)])
(if (eq? h default-sandbox-exit-handler)
(lambda _ (terminate+kill! 'exited #f))
h))]
;; Note the above definition of `current-eventspace': in Racket, it
;; is an unused parameter. Also note that creating an eventspace
;; starts a thread that will eventually run the callback code (which
;; evaluates the program in `run-in-bg') -- so this parameterization
;; must be nested in the above (which is what paramaterize* does), or
;; it will not use the new namespace.
[current-eventspace (parameterize-break
#f
(make-eventspace))]
;; general info
[current-command-line-arguments '#()]
;; Finally, create the namespace in the restricted environment (in
;; particular, it must be created under the new code inspector)
[current-namespace (make-evaluation-namespace)])