diff --git a/collects/racket/sandbox.rkt b/collects/racket/sandbox.rkt
index 8acb49fc66..4acaa21e6e 100644
--- a/collects/racket/sandbox.rkt
+++ b/collects/racket/sandbox.rkt
@@ -150,7 +150,12 @@
 (define sandbox-path-permissions
 (make-parameter '()
 (lambda (new)
- (map (lambda (perm) (list (car perm) (path->bregexp (cadr perm))))
+ (map (lambda (perm)
+ (if (and (pair? perm) (symbol? (car perm))
+ (pair? (cdr perm)) (null? (cddr perm)))
+ (list (car perm) (path->bregexp (cadr perm)))
+ (error 'sandbox-path-permissions
+ "bad permission spec: ~e" perm)))
 new))))
 
 ;; compresses the (sandbox-path-permissions) value to a "compressed" list of
diff --git a/collects/scribblings/reference/sandbox.scrbl b/collects/scribblings/reference/sandbox.scrbl
index fbdfc2e883..ab3c979cce 100644
--- a/collects/scribblings/reference/sandbox.scrbl
+++ b/collects/scribblings/reference/sandbox.scrbl
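Review bot: The new guard in the `lambda (perm)` body accepts any symbol as the permission mode via `(symbol? (car perm))`, so a misspelled mode still passes validation and is turned into a `(mode . bregexp)` pair instead of being rejected, and presumably grants nothing (or something unintended) further down without any signal to the caller. Since the point of this parameter guard is to fail closed on malformed specs, the check would be stronger as `(memq (car perm) '(<MODE-SYMBOLS-THE-MODULE-RECOGNIZES>))` in place of the `symbol?` test, keeping the same `error` call as the fall-through. The second element is passed straight to `path->bregexp` without a type check, so a non-path value presumably surfaces as that function's own error rather than the new `bad permission spec` message; if that is intentional, a one-line comment above the `if` saying so would help the next reader. The message could also state the accepted shape, e.g. `"bad permission spec (expected (list mode path)): ~e"`.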
@@ -931,11 +931,15 @@ evaluator. The call is performed under the resource limits and evaluation handler that are used for evaluating expressions, unless @racket[unrestricted?] is specified as true. -This process is usually similar to @racket[(evaluator (list thunk))], except -that it relies on the common meaning of list expressions as function -application (which is not true in all languages), and it relies on -@racket[eval] allowing non-S-expression input. In -addition, you can avoid some of the sandboxed restrictions by using +This process is usually similar to @racket[(evaluator (list thunk))], +except that it does not rely on the common meaning of a sexpr-based +syntax with list expressions as function application (which is not true +in all languages). Note that this is more useful for meta-level +operations such as namespace manipulation, it is not intended to be used +as a safe-evaluation replacement (i.e., using the sandbox evaluator as +usual). + +In addition, you can avoid some of the sandboxed restrictions by using your own permissions, for example, @racketblock[ (let ([guard (current-security-guard)])