joelmccracken / elisp-sandbox
A library for elisp sandboxed evaluation
Hey guys,
This project is super young at the moment. Feel free to throw whatever you want in the issue tracker!
Do you have any thoughts on DoS attack vectors? I'm especially concerned about specifics of the implementation of Emacs which make some things problematic.
One thing that comes to mind, for example, is how Ruby doesn't garbage collect symbols. Thus, if untrusted code can create symbols, we have a DoS attack.
This seems really similar to Emacs' obarray. If we ever provided anything like setq for the users, we need to be careful not to actually add content to obarray, or if we do, to make sure it gets cleaned up afterwards.
Any thoughts?
I'm thinking elisp-sandbox. Thoughts?
I'm not sure if the submodules are still relevant but el-spec seems to be missing. test-double also seems to be missing.
Can we remove this dependency?
I see you are writing your documentation as a string inside an Emacs Lisp program and then generating a README file. If you don't find it convenient, you might want to try the approach used by the buttercup project. This project has some documentation (written in Markdown) containing tests that are both visible as documentation and executable as a test suite.
The point of this is to allow evaling lisp safely.
We currently do not have an eval. Erbot's is just:
(defun fsi-eval (expr)
  (eval
   (erblisp-sandbox expr)))
which makes total sense. We should be able to do the same. However, erbot has a whole bunch of predefined macros and functions that implement the rest of the jail. Most of the things you raised concerns about on the README could be handled here. For example, here's the while:
(defmacro fs-while (cond &rest body)
  ;; erbn-while-max is the per-loop iteration cap, defined elsewhere in erbot
  `(let
       ((erbn-while-ctr 0))
     (while
         ,cond
       ;; this should enable the with-timeout checks..
       (sleep-for 0.01)
       (if (> erbn-while-ctr erbn-while-max)
           (error "Max while iterations exceeded: %S"
                  erbn-while-ctr))
       (incf erbn-while-ctr)   ; `incf' comes from the cl library
       nil
       ,@body)))
Note how it adds the sleep-for?
Now personally, what I'd like to do is ensure that file and network stuff is handled but run the actual lisp in a child emacs with a timeout, so we don't have to worry about this stuff (whether a while loop is malicious or impractical).
The other thing I'd like is for this stuff to be per-jail. So I should be able to create one jail with one set of bindings and another jail with another. That could just be flet's I suppose.
But anyway, we somehow need to make a start on this. My actor system is coming along so that would be the way to jail the process... but jailing the lisp needs all those functions from erbot that deal with implementing the lisp jail pulled in to your sandbox code.
I'll try and send you patches but if you're going to work on it too that would be exciting!
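As an added example (not code from elisp-sandbox or erbot) tying together the obarray concern raised earlier and the counted-while-plus-timeout approach above: a minimal per-jail evaluator in Emacs Lisp that reads untrusted text into a jail-private obarray, allowlists which global functions it may call, and rewrites `while` with an iteration cap and a sleep so the `with-timeout` timer can fire. All function and variable names here are hypothetical, and it assumes Emacs 26+ for `obarray-make`.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example, not code from elisp-sandbox or erbot; assumes Emacs 26+ for `obarray-make'.
(defun sandbox-make-jail (&optional allowed while-max timeout)
  "Return a jail plist; ALLOWED lists the global functions callable inside it."
  (list :obarray (obarray-make)              ; jail-private obarray, dies with the jail
        :allowed (or allowed '(quote + - * / < > = if let setq progn while
                                     list car cdr cons intern symbol-name))
        :while-max (or while-max 1000) :timeout (or timeout 2)))

(defun sandbox-read (jail string)
  "Read STRING, interning every symbol it mentions into JAIL's obarray, not the global one."
  (let ((obarray (plist-get jail :obarray)))   ; the reader interns through `obarray'
    (car (read-from-string string))))

(defun sandbox-rewrite (jail form)
  "Rewrite FORM for JAIL, signalling an error on any call not on the allowlist."
  (cond
   ;; nil and t must be the global constants, not jail-private symbols.
   ((and (symbolp form) (member (symbol-name form) '("nil" "t")))
    (intern (symbol-name form)))
   ((not (consp form)) form)
   (t
    (let* ((rw (lambda (f) (sandbox-rewrite jail f)))
           ;; Heads are jail symbols; resolve them to globals by name only.
           (head (and (symbolp (car form)) (intern-soft (symbol-name (car form))))))
      (unless (and head (memq head (plist-get jail :allowed)))
        (error "Sandbox: %S is not allowed" (car form)))
      (pcase head
        ('quote (list 'quote (cadr form)))
        ('let `(let ,(mapcar (lambda (b) (if (consp b) (list (car b) (funcall rw (cadr b))) b))
                             (cadr form))
                 ,@(mapcar rw (cddr form))))
        ('while (let ((ctr (make-symbol "ctr")))     ; untrusted code cannot name it
                  `(let ((,ctr 0))
                     (while ,(funcall rw (cadr form))
                       (sleep-for 0.001)             ; yield so the timeout timer can fire
                       (when (> (setq ,ctr (1+ ,ctr)) ,(plist-get jail :while-max))
                         (error "Max while iterations exceeded: %S" ,ctr))
                       ,@(mapcar rw (cddr form))))))
        ;; `intern' is pinned to the jail's obarray, whatever the caller passed.
        ('intern `(intern ,(funcall rw (cadr form)) ,(plist-get jail :obarray)))
        (_ (cons head (mapcar rw (cdr form)))))))))

(defun sandbox-eval-string (jail string)
  "Read, rewrite and evaluate STRING inside JAIL under a wall-clock limit."
  (with-timeout ((plist-get jail :timeout) (error "Sandbox: time limit exceeded"))
    (eval (sandbox-rewrite jail (sandbox-read jail string)) t)))
;; (sandbox-eval-string (sandbox-make-jail) "(let ((n 0)) (while (< n 5) (setq n (+ n 1))) n)") ; => 5
```

Because every symbol the untrusted text names lives in the jail's own obarray, a reference to any global variable (including the cap itself) is simply void inside the jail, and the symbols are reclaimed when the jail plist is dropped.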