status: draft (2019/7/2)
This SRFI provides two libraries for use with R7RS that provide a
way to sandbox the
eval procedure to make it safer to use
in evaluating Scheme expressions of doubtful provenance. The intention
is to call
eval, passing it an S-expression representing a
Scheme procedure and the environment defined by one of these libraries.
Since code evaluated by
eval runs in a null lexical
environment, the resulting procedure can then be invoked with less
concern about possible side effects.
Use of these libraries does not provide any sort of safety guarantee. There are still many loopholes uncaught, including attempts to process circular structure and over-allocation of memory. The claim is only that the probability of such an attack is reduced, not that it is eliminated. However, using these libraries is a simple provision that is easy to implement and easy to use. For higher safety, it can readily be combined with other provisions.