Page 2 of 2

Re: Archaic Code Contest in Common Lisp

PostPosted: Tue May 05, 2009 4:38 pm
by findinglisp
You could also write a meta-interpreter in CL for the limited subset defined in the original paper in about 5 minutes and just have people use the interpreter. From there, sure, everybody could recreate CLOS if they really wanted to, but it would take them a while.

BTW, why the requirement for things to be so secure? If it's just a contest for fun, can you not rely on people to adhere to the rules without having to jump through hoops to prevent cheating? Or maybe I'm misunderstanding the point of the exercise. I mean, if there's $1M hanging on this, or something, then yea, I suppose you need to take steps to prevent cheating. If it's only for your own personal self-worth, you'd have to have pretty low self-worth to cheat your way toward self-worth. :)

Re: Archaic Code Contest in Common Lisp

PostPosted: Thu May 07, 2009 8:57 pm
by Kohath
As an idea for a secure interpreter, how about create a checking program/function/macro that checks to see if the submitted code contains any 'non-secure' function/macro calls? That might :?: be easier than trying to saw off big chunks of lisp.

Re: Archaic Code Contest in Common Lisp

PostPosted: Fri May 08, 2009 7:08 am
by gugamilare
Kohath wrote:As an idea for a secure interpreter, how about create a checking program/function/macro that checks to see if the submitted code contains any 'non-secure' function/macro calls? That might :?: be easier than trying to saw off big chunks of lisp.


Not as simple, you will need to implement a code walker, or use Arnesi's. Well, ok, using Arnesi's code walker seems quite easy. But I believe it is much easier to create a package and only put allowed functions in the package.

Re: Archaic Code Contest in Common Lisp

PostPosted: Fri May 08, 2009 8:43 am
by dmitry_vk
Kohath wrote:As an idea for a secure interpreter, how about create a checking program/function/macro that checks to see if the submitted code contains any 'non-secure' function/macro calls? That might :?: be easier than trying to saw off big chunks of lisp.

How about that?
Code: Select all
(let ((x "SOME-UNAUTHORIZED-FUNCTION"))
  (funcall (symbol-function (find-symbol x))))

Re: Archaic Code Contest in Common Lisp

PostPosted: Fri May 08, 2009 1:11 pm
by gugamilare
dmitry_vk wrote:
Kohath wrote:As an idea for a secure interpreter, how about create a checking program/function/macro that checks to see if the submitted code contains any 'non-secure' function/macro calls? That might :?: be easier than trying to saw off big chunks of lisp.

How about that?
Code: Select all
(let ((x "SOME-UNAUTHORIZED-FUNCTION"))
  (funcall (symbol-function (find-symbol x))))


You are assuming that symbol-function and find-symbol are gonna be allowed by the checking program.

Anyway, using packages, it is easy: only change the package to safe package before loading a file:

Code: Select all
(defpackage :safe-package-functions
  (:use :whatever :cl)
  (:export #:1+ #:1- #:zerop #:defun #:cons #:car #:cdr))

(defpackage :safe-package
  (:use :safe-package-functions))


The only way to call the function find-symbol is to write explicitly cl:find-symbol, therefore using symbols of another package. A simple use of cl-ppcre on the file (scan something that matches either \w:\w or \w::\w) will make sure that does not happen.