<samth>
technomancy: you can use the usual sandboxing facilities (this is what DrRacket does for automated background compilation). there is not a built-in mechanism to do this for compilation, in part because too much would not work
<technomancy>
samth: so drracket does use a safe mechanism to compile in the background by default?
<samth>
yes
<samth>
as in, it creates a sandbox and calls the compiler explicitly inside of it
<samth>
try `#lang racket (begin-for-syntax (with-output-to-file "/tmp/bar.txt" (lambda () (write 1))))` in DrRacket to see
<technomancy>
cool! and since I remember reading that the LSP server is practically just "headless drracket" is it also true that it's safe to run the LSP server on untrusted code?
<samth>
I do not know the details about how the LSP server handles those issues; I would not assume that the metaphor about "headless drracket" provides much guidance one way or the other
<technomancy>
I understand; it's probably smart to be hesitant to give out security advice without reading carefully through the code in question =)
<technomancy>
I'm just curious because of how many different language servers I've found that do this unsafely; even opening a file can cause anything to happen with the rust language server, and I usually think of rust people as being more careful and disciplined than most
<samth>
I believe that racket-mode for emacs, which uses substantial libraries from DrRacket, does not use a sandbox, but I could be wrong
technomancy has quit [Read error: Connection reset by peer]
technomancy has joined #racket
<technomancy>
sorry; I got disconnected. did I miss anything?
<samth>
I believe that racket-mode for emacs, which uses substantial libraries from DrRacket, does not use a sandbox, but I could be wrong
<technomancy>
sure, my understanding is that racket-mode is focused around a repl, so I wouldn't really expect there to be any safety guarantees there; you should assume it's going to run the code. LSP is focused around static analysis, and it operates automatically without any prompting other than opening a file, so evaluating untrusted code without a sandbox there is problematic.
<technomancy>
different contexts
<technomancy>
we are planning on adding a capabilities system to the macros in Fennel; we already have all macros sandboxed by default but today if you need to access the disk, you need to disable the sandbox altogether. we want to allow for more fine-grained control; say, this macro should have access to read files in that directory only, etc.
<technomancy>
I figure y'all are pretty well-versed in PLT lore; has anyone ever heard of prior art in this area?
<samth>
technomancy: racket-mode really works more like drracket (or an LSP) than a traditional emacs Lisp interface
<samth>
technomancy: the racket sandbox has that kind of fine-grained control but I do not know of any metaprogramming system (including Racket) that makes use of such. the closest analog I can think of is build systems like bazel