diff --git a/collects/racket/sandbox.rkt b/collects/racket/sandbox.rkt
index 53c54f2b37..7aad1f7a34 100644
--- a/collects/racket/sandbox.rkt
+++ b/collects/racket/sandbox.rkt
@@ -878,19 +878,13 @@
    (;; create a sandbox context first
     [current-custodian user-cust]
     [current-thread-group (make-thread-group)]
-    ;; set up the IO context
-    [current-input-port
-     (let ([inp (sandbox-input)])
-       (cond [(not inp) null-input]
-             [(input->port inp) => values]
-             [(and (procedure? inp) (procedure-arity-includes? inp 0)) (inp)]
-             [(eq? 'pipe inp)
-              (let-values ([(i o) (make-pipe)]) (set! input o) i)]
-             [else (error who "bad sandbox-input: ~e" inp)]))]
-    [current-output-port (make-output 'output (sandbox-output)
-                                      (lambda (o) (set! output o)))]
-    [current-error-port (make-output 'error-output (sandbox-error-output)
-                                     (lambda (o) (set! error-output o)))]
+    ;; Note the above definition of `current-eventspace': in Racket, it
+    ;; is an unused parameter.  Also note that creating an eventspace
+    ;; starts a thread that will eventually run the callback code (which
+    ;; evaluates the program in `run-in-bg') -- so this parameterization
+    ;; must be nested in the above (which is what paramaterize* does), or
+    ;; it will not use the new namespace.
+    [current-eventspace (parameterize-break #f (make-eventspace))]
     ;; paths
     [current-library-collection-paths
      (filter directory-exists?
@@ -905,11 +899,6 @@
        (read ,(find-lib-dir))
        ,@(compute-permissions allow)
        ,@(sandbox-path-permissions))]
-    ;; general info
-    [current-command-line-arguments '#()]
-    ;; prevent a potential value here from messing up creating the sandboxed
-    ;; module
-    [current-module-declare-name #f]
     ;; restrict the sandbox context from this point
     [current-security-guard
      (let ([g (sandbox-security-guard)]) (if (security-guard? g) g (g)))]
@@ -933,20 +922,30 @@
              (handler path modname))
            ;; otherwise, just let the old handler throw a proper error
            (handler path modname))))]
+    ;; prevent a potential value here from messing up creating the sandboxed
+    ;; module
+    [current-module-declare-name #f]
+    ;; set up the IO context
+    [current-input-port
+     (let ([inp (sandbox-input)])
+       (cond [(not inp) null-input]
+             [(input->port inp) => values]
+             [(and (procedure? inp) (procedure-arity-includes? inp 0)) (inp)]
+             [(eq? 'pipe inp)
+              (let-values ([(i o) (make-pipe)]) (set! input o) i)]
+             [else (error who "bad sandbox-input: ~e" inp)]))]
+    [current-output-port (make-output 'output (sandbox-output)
+                                      (lambda (o) (set! output o)))]
+    [current-error-port (make-output 'error-output (sandbox-error-output)
+                                     (lambda (o) (set! error-output o)))]
+    ;; no exiting
     [exit-handler
      (let ([h (sandbox-exit-handler)])
        (if (eq? h default-sandbox-exit-handler)
          (lambda _ (terminate+kill! 'exited #f))
          h))]
-    ;; Note the above definition of `current-eventspace': in Racket, it
-    ;; is an unused parameter.  Also note that creating an eventspace
-    ;; starts a thread that will eventually run the callback code (which
-    ;; evaluates the program in `run-in-bg') -- so this parameterization
-    ;; must be nested in the above (which is what paramaterize* does), or
-    ;; it will not use the new namespace.
-    [current-eventspace (parameterize-break
-                         #f
-                         (make-eventspace))]
+    ;; general info
+    [current-command-line-arguments '#()]
     ;; Finally, create the namespace in the restricted environment (in
     ;; particular, it must be created under the new code inspector)
     [current-namespace (make-evaluation-namespace)])