SRFI 172: Two Safer Subsets of R7RS

by John Cowan

status: final (2019/11/10)

Abstract

This SRFI provides two libraries for use with R7RS that provide a way to sandbox the eval procedure to make it safer to use in evaluating Scheme expressions of doubtful provenance. The intention is to call eval, passing it an S-expression representing a Scheme procedure and the environment defined by one of these libraries. Since code evaluated by eval runs in a null lexical environment, the resulting procedure can then be invoked with less concern about possible side effects.

Use of these libraries does not provide any sort of safety guarantee. There are still many loopholes uncaught, including attempts to process circular structure and over-allocation of memory. The claim is only that the probability of such an attack is reduced, not that it is eliminated. However, using these libraries is a simple provision that is easy to implement and easy to use. For higher safety, it can readily be combined with other provisions.