Added `call-with-trusted-sandbox-configuration', and used in scribble
and in tests. svn: r12871
parent
3e12b87cd3
commit
f74dc2b8c7
@ -25,6 +25,7 @@
sandbox-make-logger
sandbox-memory-limit
sandbox-eval-limits
call-with-trusted-sandbox-configuration
evaluator-alive?
kill-evaluator
break-evaluator
@ -63,6 +64,18 @@
(define sandbox-propagate-breaks (make-parameter #t))
(define sandbox-coverage-enabled (make-parameter #f))
(define (call-with-trusted-sandbox-configuration thunk)
(parameterize ([sandbox-propagate-breaks #t]
[sandbox-override-collection-paths '()]
[sandbox-security-guard current-security-guard]
[sandbox-exit-handler (current-exit-handler)]
[sandbox-make-inspector current-inspector]
[sandbox-make-code-inspector current-code-inspector]
[sandbox-make-logger current-logger]
[sandbox-memory-limit #f]
[sandbox-eval-limits #f])
(thunk)))
(define sandbox-namespace-specs
(make-parameter `(,(mz/mr make-base-namespace make-gui-namespace)
#| no modules here by default |#)))
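Review bot: call-with-trusted-sandbox-configuration has no comment saying that it deliberately drops the sandbox's protective defaults — no memory or eval limits, the caller's own security guard, inspectors, logger and exit handler, and an empty collection-path override — so it must only wrap evaluation of code the caller already trusts as much as the calling process itself. A header comment such as `;; Run THUNK with the sandbox parameters relaxed to the caller's own privileges: no memory/time limits, the current security guard, inspectors, logger and exit handler. Only use around code that is already trusted.` would make that contract explicit. Note also that most entries pass the parameter procedure (e.g. `current-security-guard`) while `sandbox-exit-handler` takes the value `(current-exit-handler)`; if the procedure-style entries are resolved later, when the evaluator is created, that asymmetry is presumably intentional but deserves a one-line remark.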
@ -239,19 +239,16 @@
[else stx]))
(define (make-base-eval)
(parameterize ([sandbox-security-guard (current-security-guard)]
[sandbox-output 'string]
[sandbox-error-output 'string]
[sandbox-eval-limits #f]
[sandbox-memory-limit #f]
[sandbox-make-inspector current-inspector]
[sandbox-make-code-inspector current-code-inspector])
(make-evaluator '(begin (require scheme/base)))))
(call-with-trusted-sandbox-configuration
(lambda ()
(parameterize ([sandbox-output 'string]
[sandbox-error-output 'string])
(make-evaluator '(begin (require scheme/base)))))))
(define (close-eval e)
(kill-evaluator e)
"")
(define (do-plain-eval ev s catching-exns?)
(call-with-values (lambda ()
((scribble-eval-handler)
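Review bot: make-base-eval now also inherits the document builder's exit handler, logger, collection paths and break propagation, none of which the removed parameterize set; if the sandbox's default exit handler (not visible here) is milder than `(current-exit-handler)`, an `(exit)` inside a documentation example would now end the whole build rather than just that evaluator. If this widening is intended because examples are authored together with the document, a comment saying so would help, e.g. `;; examples are trusted document code: run with the builder's own privileges and no limits`. The same widening applies to load-in-sandbox in the test hunk further down. do-plain-eval at the end of this hunk continues outside it.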
@ -16,12 +16,11 @@
The @schememodname[scheme/sandbox] module provides utilities for
creating ``sandboxed'' evaluators, which are configured in a
particular way and can have restricted resources (memory and time),
filesystem access, and network access. The common use case for this
module is for a restricted sandboxed environment, so the defaults are
set up to make it safe. For other uses you will likely need to change
mane of these settings.
filesystem and network access, and much. Sandboxed evaluators can be
configured through numerous parameters --- and the defaults are set
for the common use case where sandboxes are very limited.
@defproc*[([(make-evaluator [language (or/c module-path?
@defproc*[([(make-evaluator [language (or/c module-path?
(list/c 'special symbol?)
(cons/c 'begin list?))]
[input-program any/c] ...
@ -260,9 +259,29 @@ either @scheme['time] or @scheme['memory].}
@section{Customizing Evaluators}
The evaluators that @scheme[make-evaluator] creates can be customized
via several parameters. These parameters affect newly created
evaluators; changing them has no effect on already-running evaluators.
The sandboxed evaluators that @scheme[make-evaluator] creates can be
customized via many parameters. Most of the configuration parameters
affect newly created evaluators; changing them has no effect on
already-running evaluators.
The default configuration options are set for a very restricted
sandboxed environment --- one that is safe to make publicly available.
Further customizations might be needed in case more privileges are
needed, or if you want tighter restrictions. Another useful approach
for customizing an evaluator is to begin with a relatively
unrestricted configuration and add the desired restrictions. This is
possible by the @scheme[call-with-trusted-sandbox-configuration]
function.
@defproc[(call-with-trusted-sandbox-configuration [thunk (-> any)])
any]{
Invokes the @scheme[thunk] in a context where sandbox configuration
parameters are set for minimal restrictions. More specifically, there
are no memory or time limits, and the existing existing inspectors,
security guard, exit handler, and logger are used. (Note that the I/O
ports settings are not included.)}
@defparam[sandbox-init-hook thunk (-> any)]{
@ -78,15 +78,12 @@ transcript.
(define (load-in-sandbox file)
(define-syntax-rule (S id) (dynamic-require 'scheme/sandbox 'id))
(let ([e (parameterize ([(S sandbox-security-guard) (current-security-guard)]
[(S sandbox-input) current-input-port]
[(S sandbox-output) current-output-port]
[(S sandbox-error-output) current-error-port]
[(S sandbox-make-inspector) current-inspector]
[(S sandbox-make-code-inspector) current-code-inspector]
[(S sandbox-memory-limit) 100] ; 100mb per box
[(S sandbox-eval-limits) #f])
((S make-evaluator) '(begin) #:requires (list 'scheme)))])
(let ([e ((S call-with-trusted-sandbox-configuration)
(parameterize ([(S sandbox-input) current-input-port]
[(S sandbox-output) current-output-port]
[(S sandbox-error-output) current-error-port]
[(S sandbox-memory-limit) 100]) ; 100mb per box
((S make-evaluator) '(begin) #:requires (list 'scheme))))])
(e `(load-relative "testing.ss"))
(e `(define real-error-port (quote ,real-error-port)))
(e `(define Section-prefix ,Section-prefix))