From c3a59ee1c4125488dc63a5abe8f7fe499f9fd8b5 Mon Sep 17 00:00:00 2001
From: Asumu Takikawa
Date: Tue, 20 Oct 2015 17:26:44 -0400
Subject: [PATCH] Use `protect-out` for unsafe operations

Disallows usage in sandboxes and similar contexts
---
 typed-racket-lib/typed/racket/unsafe.rkt | 4 ++--
 typed-racket-test/fail/sandboxed-unsafe-ops.rkt | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 typed-racket-test/fail/sandboxed-unsafe-ops.rkt

diff --git a/typed-racket-lib/typed/racket/unsafe.rkt b/typed-racket-lib/typed/racket/unsafe.rkt
index 25e80cf8..05014e53 100644
--- a/typed-racket-lib/typed/racket/unsafe.rkt
+++ b/typed-racket-lib/typed/racket/unsafe.rkt
@@ -2,8 +2,8 @@
 ;; This module provides unsafe operations for Typed Racket
-(provide unsafe-provide
- unsafe-require/typed)
+(provide (protect-out unsafe-provide
+ unsafe-require/typed))
 (require (for-syntax racket/base typed-racket/private/syntax-properties
diff --git a/typed-racket-test/fail/sandboxed-unsafe-ops.rkt b/typed-racket-test/fail/sandboxed-unsafe-ops.rkt
new file mode 100644
index 00000000..df16b4d1
--- /dev/null
+++ b/typed-racket-test/fail/sandboxed-unsafe-ops.rkt
@@ -0,0 +1,15 @@
+#;
+(exn-pred #rx"access disallowed by")
+#lang racket/base
+
+;; This test checks that TR's unsafe libraries are not accessible
+;; from a sandboxed context
+
+(require racket/sandbox)
+
+(parameterize ([sandbox-memory-limit 1000])
+ (define eval (make-evaluator 'typed/racket))
+ (eval '(require typed/racket/unsafe))
+
+ ;; should fail
+ (eval '(unsafe-require/typed racket/base [values 3])))
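Review bot: The `provide` form now wraps both exports in `protect-out`, but nothing in the module says why, and the header comment on the context line above it still only states that the module provides unsafe operations; a maintainer reorganizing the exports could drop the wrapper without realizing it carries the sandbox guarantee described in the commit message. A comment directly above the `provide`, e.g. `;; protect-out: code whose code inspector is weaker than this module's (sandboxed evaluators in particular) is refused these bindings; see typed-racket-test/fail/sandboxed-unsafe-ops.rkt`, would make the intent durable. Note that `protect-out` guards only these two bindings as exported here; whether other modules re-export them under a different path is not visible from this hunk. The `require` form on the last context line continues outside the hunk.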
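Review bot: The `exn-pred #rx"access disallowed by"` check appears to accept that message from any expression in the file, so if the earlier `(eval '(require typed/racket/unsafe))` were the one to raise it, the test would pass without reaching the line commented `;; should fail`, and it would not distinguish "the module cannot be required" from "the protected binding is refused"; I cannot tell from the page whether the harness records which expression raised. Wrapping only the final `eval` in a `with-handlers` that re-raises, or letting the first `eval` run outside any expected-failure scope, would pin the failure to the intended call. The test also exercises only `unsafe-require/typed`, while the commit protects `unsafe-provide` as well, so a second evaluation such as `(eval '(unsafe-provide values))` (or a sibling test) would cover both exports. A one-line comment on why `sandbox-memory-limit 1000` is set here would also help, since nothing in the file explains it.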