[Sbcl-help] Creating a sandbox

Grant Rettke

May 2, 2012, 10:48:27 PM
to Sbcl...@lists.sourceforge.net
Hi,

Although I've not yet learned Lisp and SBCL well, I'm curious about whether preparing an eval sandbox so that it would be restricted in its bindings, file system access, memory usage, network access, and CPU time, something like this

http://docs.racket-lang.org/reference/Sandboxed_Evaluation.html

would be possible?

Best wishes,

Grant

--
http://www.wisdomandwonder.com/
ACM, AMA, COG, IEEE

Nikodemus Siivola

May 3, 2012, 2:54:19 AM
to Grant Rettke, Sbcl...@lists.sourceforge.net
On 3 May 2012 05:48, Grant Rettke <gre...@acm.org> wrote:

> Although I've not yet learned Lisp and SBCL well, I'm curious about whether
> preparing an eval sandbox so that it would be restricted in its bindings,
> file system access, memory usage, network access, and CPU time, something
> like this
>
> http://docs.racket-lang.org/reference/Sandboxed_Evaluation.html
>
> would be possible?

/Possible/, yes. Straightforward, actually, mostly yes. Easy to get right? No.

Racket's language abstraction is pretty cool, and we don't have
anything like that. So you'd be rolling up some infrastructure to
start with.

Cheers,

-- nikodemus

_______________________________________________
Sbcl-help mailing list
Sbcl...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sbcl-help

Grant Rettke

May 3, 2012, 1:38:34 PM
to Nikodemus Siivola, Sbcl...@lists.sourceforge.net
Thanks guys.


On Thu, May 3, 2012 at 1:54 AM, Nikodemus Siivola <niko...@random-state.net> wrote:
On 3 May 2012 05:48, Grant Rettke <gre...@acm.org> wrote:

> Although I've not yet learned Lisp and SBCL well, I'm curious about whether
> preparing an eval sandbox so that it would be restricted in its bindings,
> file system access, memory usage, network access, and CPU time, something
> like this
>
> http://docs.racket-lang.org/reference/Sandboxed_Evaluation.html
>
> would be possible?

/Possible/, yes. Straightforward, actually, mostly yes. Easy to get right? No.

Racket's language abstraction is pretty cool, and we don't have
anything like that. So you'd be rolling up some infrastructure to
start with.

Cheers,

 -- nikodemus



Anton Vodonosov

May 3, 2012, 5:30:46 PM
to Grant Rettke, sbcl...@lists.sourceforge.net
Check this https://github.com/tlikonen/cl-eval-bot. This project receives lisp code from
external source and executes it in a sandbox. Will not give you control over memory
usage and CPU time I think, but will allow to control what API's (file system functions, network
functions) are available to the lisp code.
 
Another thought is that an OS process is a sandbox. Running the lisp process from a
restricted OS user (quotas, fs access rights) might be useful probably
if you are looking for a sandbox solution.
 
If you find a better solution, please drop news here. I am curious in sandboxing
common lisp.
 
03.05.2012, 21:38, "Grant Rettke" <gre...@acm.org>:
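
Added example, not part of any message in this thread: a sketch of the "OS process is a sandbox" idea from the post above, using per-process `ulimit` quotas to cover the CPU-time and memory limits that an in-Lisp sandbox does not. The function name `run_limited`, the limit values and the sample SBCL command line are assumptions made for illustration; running under a separate restricted user and blocking network access are not shown.

```shell
#!/bin/sh
# run_limited CPU_SECONDS MEM_KIB COMMAND [ARGS...]
# Runs COMMAND as a child process with CPU, address-space and file-size
# quotas, an empty scratch working directory and a scrubbed environment.
# Returns the child's exit status (above 128 if a signal killed it).
run_limited() {
    cpu_s=$1; mem_kib=$2; shift 2
    # Empty scratch directory: relative paths in the child see no files.
    scratch=$(mktemp -d) || return 125
    (
        cd "$scratch" || exit 125
        umask 077
        # Fail closed: if any quota cannot be applied, do not run the code.
        ulimit -c 0 &&             # no core dumps
        ulimit -t "$cpu_s" &&      # CPU seconds before the kernel kills it
        ulimit -v "$mem_kib" &&    # address space, in KiB
        ulimit -f 2048 ||          # largest file it may write, in blocks
            exit 125
        # env -i drops inherited variables (tokens, proxies, credentials).
        exec env -i PATH=/usr/bin:/bin HOME="$scratch" "$@"
    )
    status=$?
    rm -rf "$scratch"
    return "$status"
}

# Constructed usage with SBCL (assumes sbcl is installed; not executed here).
# SBCL reserves its dynamic space at startup, so the address-space quota
# must be larger than --dynamic-space-size (given in megabytes):
#
#   run_limited 5 2097152 sbcl --dynamic-space-size 512 \
#       --no-sysinit --no-userinit --non-interactive \
#       --eval '(print (+ 1 2))'
```

These quotas bound CPU, memory and file size only; what the process may read or connect to is still decided by the account it runs as, which is where the restricted user and file system access rights come in.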


Teemu Likonen

May 3, 2012, 11:11:20 PM
to Anton Vodonosov, sbcl...@lists.sourceforge.net
* Anton Vodonosov [2012-05-04 01:30:46 +0400] wrote:

> Check this https://github.com/tlikonen/cl-eval-bot. This project
> receives lisp code from external source and executes it in a sandbox.
> Will not give you control over memory usage and CPU time I think, but
> will allow to control what API's (file system functions, network
> functions) are available to the lisp code.

Yes. Especially files sandbox-impl.lisp and sandbox-cl.lisp.

(I'm doing a database which looks like a simple virtual filesystem. Its
basic framework is ready but I have been too busy with my day job to finish
it yet.)

Grant Rettke

May 5, 2012, 2:18:58 PM
to Teemu Likonen, sbcl...@lists.sourceforge.net
Excellent thanks guys.


On Thu, May 3, 2012 at 10:11 PM, Teemu Likonen <tlik...@iki.fi> wrote:
* Anton Vodonosov [2012-05-04 01:30:46 +0400] wrote:

> Check this https://github.com/tlikonen/cl-eval-bot. This project
> receives lisp code from external source and executes it in a sandbox.
> Will not give you control over memory usage and CPU time I think, but
> will allow to control what API's (file system functions, network
> functions) are available to the lisp code.

Yes. Especially files sandbox-impl.lisp and sandbox-cl.lisp.

(I'm doing a database which looks like a simple virtual filesystem. Its
basic framework is ready but I have been too busy with my day job to finish
it yet.)


