From: Faried Nawaz
Subject: sandbox execution, and lisp machines
Date: 
Message-ID: <1168718334.684408.275680@m58g2000cwm.googlegroups.com>
I was wondering the other day -- how did Lisp Machine (users) deal with
executing code from untrusted sources?  Did they have some sort of
sandbox mechanism, or was it never an issue?   I can't imagine them
reading every single line of code someone emailed/handed them on a
tape/etc before running it.

From: Barry Margolin
Subject: Re: sandbox execution, and lisp machines
Date: 
Message-ID: <barmar-7662F2.15584213012007@comcast.dca.giganews.com>
In article <························@m58g2000cwm.googlegroups.com>,
 "Faried  Nawaz" <······@gmail.com> wrote:

> I was wondering the other day -- how did Lisp Machine (users) deal with
> executing code from untrusted sources?  Did they have some sort of
> sandbox mechanism, or was it never an issue?   I can't imagine them
> reading every single line of code someone emailed/handed them on a
> tape/etc before running it.

They didn't deal with it at all.  This was a much simpler time, before 
the days when anyone could get on the Internet.  We pretty much knew and 
trusted each other, like small towns of the past where there were no 
locks on the doors and kids could roam free without constant parental 
supervision.

-- 
Barry Margolin, ······@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

From: Chris Riesbeck
Subject: Re: sandbox execution, and lisp machines
Date: 
Message-ID: <51208mF1ia0pqU1@mid.individual.net>
Barry Margolin wrote:
> In article <························@m58g2000cwm.googlegroups.com>,
>  "Faried  Nawaz" <······@gmail.com> wrote:
> 
>> I was wondering the other day -- how did Lisp Machine (users) deal with
>> executing code from untrusted sources?  Did they have some sort of
>> sandbox mechanism, or was it never an issue?   I can't imagine them
>> reading every single line of code someone emailed/handed them on a
>> tape/etc before running it.
> 
> They didn't deal with it at all.  This was a much simpler time, before 
> the days when anyone could get on the Internet.  We pretty much knew and 
> trusted each other, like small towns of the past where there were no 
> locks on the doors and kids could roam free without constant parental 
> supervision.
> 
...and soap windows and blow up mailboxes and shoot each other with bb 
guns. Damn Internet spoiled everything :)

From: ············@gmail.com
Subject: Re: sandbox execution, and lisp machines
Date: 
Message-ID: <1168968732.533453.139460@l53g2000cwa.googlegroups.com>
> Barry Margolin wrote:
> > In article <························@m58g2000cwm.googlegroups.com>,
> >  "Faried  Nawaz" <······@gmail.com> wrote:
> >
> >> I was wondering the other day -- how did Lisp Machine (users) deal with
> >> executing code from untrusted sources?  Did they have some sort of
> >> sandbox mechanism, or was it never an issue?   I can't imagine them
> >> reading every single line of code someone emailed/handed them on a
> >> tape/etc before running it.

This is a good general question -- I think I recall that Python had a
sandbox but it was removed from 2.4 (2.5?) because there were security
holes.

My favorite example of a "sandbox" (not quite, but the idea is similar)
is Valgrind (valgrind.org), which is an x86 emulator that traps memory
bugs.  It's mainly meant for C programs as it reads debug symbols in
the executable.

I'm guessing a CL sandbox would just be a CL running within a CL; it
would have its own symbol namespace and could check instructions for
security before applying them.  The problem is, once you allow an FFI
in the sandbox, you basically need a sandbox for binaries too!

Maybe the right solution is a virtual machine?

mfh
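
An added example, not part of any post in this thread, of the "CL running within a CL" idea from the last message: untrusted text is read into an empty package with `#.` disabled, then interpreted against an operator allow-list instead of being passed to the host `EVAL`. The names `SANDBOX`, `*ALLOWED*`, `SANDBOX-READ` and `SANDBOX-EVAL` are hypothetical.

```lisp
;; Added example. SANDBOX, *ALLOWED*, SANDBOX-READ and SANDBOX-EVAL are
;; hypothetical names, not from the thread.
(defpackage :sandbox (:use))   ; empty namespace: inherits nothing, not even CL

(defparameter *allowed*        ; operator name -> host function exposed to guests
  (list (cons "+" #'+) (cons "-" #'-) (cons "*" #'*)
        (cons "<" #'<) (cons "=" #'=) (cons "LIST" #'list)))

(defun sandbox-read (text)
  "Read one form from TEXT with #. disabled, interning symbols in SANDBOX."
  (with-standard-io-syntax
    (let ((*read-eval* nil)
          (*package* (find-package :sandbox)))
      (values (read-from-string text)))))

(defun sandbox-eval (form &optional (depth 0))
  "Interpret FORM; anything outside the allow-list signals an error."
  (when (> depth 100) (error "Form nested too deeply"))
  (cond ((or (numberp form) (stringp form)) form)
        ;; Report only the type: the atom itself may be a circular vector.
        ((atom form) (error "Unsupported atom of type ~S" (type-of form)))
        ;; LIST-LENGTH is NIL for circular lists (#1=(+ . #1#)) and signals
        ;; on dotted ones, so both are rejected before the arguments are walked.
        ((null (ignore-errors (list-length form)))
         (error "Not a proper list"))
        (t
         (let ((op (first form))
               (args (rest form)))
           ;; A package-qualified operator such as CL:EVAL has a home package
           ;; other than SANDBOX and is refused here.
           (unless (and (symbolp op)
                        (eq (symbol-package op) (find-package :sandbox)))
             (error "Operator is not a symbol in the sandbox namespace"))
           (if (string= (symbol-name op) "IF")
               ;; IF is interpreted here, never delegated to the host.
               (destructuring-bind (test then else) args
                 (if (sandbox-eval test (1+ depth))
                     (sandbox-eval then (1+ depth))
                     (sandbox-eval else (1+ depth))))
               (let ((entry (assoc (symbol-name op) *allowed* :test #'string=)))
                 (unless entry (error "Operator not allowed: ~S" op))
                 (apply (cdr entry)
                        (mapcar (lambda (a) (sandbox-eval a (1+ depth)))
                                args))))))))

;; Constructed inputs: one accepted form, one that reaches for the host EVAL.
(print (sandbox-eval (sandbox-read "(if (< 1 2) (+ 40 2) 0)")))
(print (handler-case (sandbox-eval (sandbox-read "(cl:eval (cl:quote x))"))
         (error (e) (princ-to-string e))))
```

The allow-list exposes no FFI or I/O, but nothing here bounds CPU time or memory (bignum arithmetic, for instance), which is where an OS-level or virtual-machine boundary still matters.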