[Ecls-list] -shell and -load difference

David Creelman dave at geko.net.au
Fri Oct 19 08:07:56 UTC 2007


On Thu, Oct 18, 2007 at 10:00:56AM +0200, Juan Jose Garcia-Ripoll wrote:
> 2007/10/18, Erik Huelsmann <ehuels at gmail.com>:
> > >
> > > PS
> > > ...Is there a way to run CL code from strings within ECL without writing
> > > and reading a temporary file (this would just be a nicety since it works
> > > fine as is)?
> >
> > Yes and it works on all CLs:
> >
> > (defun eval-string (your-code)
> >   (eval (read-from-string your-code)))
>
> This is probably not your problem, but if you are to evaluate
> arbitrary strings coming from an email, I would set up two security
> measures: one is to ensure that only authorized emails run the code
> and the other one to set up a safe environment for _reading_ the lisp
> objects from the string. Ideally you would set up a package where
> there is no access to system symbols and maybe some functions have
> been removed. You might even want to deactivate #.  the reader macro
> for executing code.

Hi Juanjo,
Thanks for that. Yes, the only emails that will run this script will be
authorised (I might go and double check this).
Your second measure is interesting. I always thought that there was no
way to stop system symbols being seen (by this I'm guessing you mean
the SI: package ?)
How do I deactivate the reader macro?
This is quite neat. I didn't realise that the security could be this find
grained.

Thanks for your advice too Erik.

Regards
David

>
> Juanjo
>
> --
> Facultad de Fisicas, Universidad Complutense,
> Ciudad Universitaria s/n Madrid 28040 (Spain)
> http://juanjose.garciaripoll.googlepages.com
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Ecls-list mailing list
> Ecls-list at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ecls-list





More information about the ecl-devel mailing list