I've read about protect-out and current-code-inspector, but I still cannot understand, how to require a module and forbid it to run protected modules.Something like (require untrusted-foo) (foo-proc) but to forbid foo-proc to use ffi/unsafe.
--
You received this message because you are subscribed to the Google Groups "Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to racket-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/racket-users/5f10a124-6aeb-4389-8421-92034e93f8a7n%40googlegroups.com.
At Thu, 21 Oct 2021 07:37:12 -0700 (PDT), "kalime...@gmail.com" wrote:
> I've read about protect-out and current-code-inspector, but I still cannot
> understand, how to require a module and forbid it to run protected modules.
>
> Something like (require untrusted-foo) (foo-proc) but to forbid foo-proc to
> use ffi/unsafe.
If you use
(current-code-inspector (make-inspector))
(require untrusted-foo)
and assuming that `untrusted-foo` hasn't been loaded earlier, then
`untrusted-foo` will not be able to use protected binding.
That sequence will also disable the use of protected bindings by
anything that `untrusted-foo` depends on and that hasn't already been
loaded. So, if you want those dependencies to be able to use untrusted
things, you need to load the before `(current-code-inspector
(make-inspector))`.
--
You received this message because you are subscribed to the Google Groups "Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to racket-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/racket-users/20211022114302.3e4%40sirmail.smtps.cs.utah.edu.