From: Mark H Weaver
Subject: Re: Is there any security risk related to the use of the reader?
Date: Thu, 01 Mar 2018 18:56:11 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

Amirouche Boubekki <address@hidden> writes:

> I have procedures like that in my program:
>
> (define-public (scm->string scm)
>   (call-with-output-string
>     (lambda (port)
>       (write scm port))))
>
> (define-public (string->scm string)
>   (call-with-input-string string read))
>
> Is it safe to pass to these procedures input from third parties?

I would not consider Guile's 'read' to be trustworthy when processing
potentially malicious inputs.

      Mark
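
One way to avoid calling 'read' on third-party input is a small strict parser that accepts only the data shapes the program needs. This is an added example, not code from either poster or from the Guile project; the name string->scm/strict, the accepted grammar and both limits are assumptions of the example.

```scheme
;; Added example: strict parser for a small data subset (not Guile's reader).
;; Assumed grammar: decimal integers, double-quoted strings without
;; backslash escapes, and proper lists of those. Everything else is rejected.
(define max-depth 32)       ; assumed nesting limit
(define max-length 65536)   ; assumed input size limit, in characters

(define (ascii-digit? c) (char<=? #\0 c #\9))

(define (skip-ws port)
  (let ((c (peek-char port)))
    (when (and (char? c) (char-whitespace? c))
      (read-char port)
      (skip-ws port))))

(define (take-while pred port)
  (let loop ((acc '()))
    (let ((c (peek-char port)))
      (if (and (char? c) (pred c))
          (begin (read-char port) (loop (cons c acc)))
          (list->string (reverse acc))))))

(define (parse-datum port depth)
  (skip-ws port)
  (let ((c (read-char port)))
    (cond
     ((eof-object? c) (error "unexpected end of input"))
     ((char=? c #\()
      (when (>= depth max-depth) (error "nesting too deep"))
      (let loop ((items '()))
        (skip-ws port)
        (let ((next (peek-char port)))
          (cond
           ((eof-object? next) (error "unterminated list"))
           ((char=? next #\)) (read-char port) (reverse items))
           (else (loop (cons (parse-datum port (+ depth 1)) items)))))))
     ((char=? c #\")
      (let ((s (take-while (lambda (ch) (not (memv ch '(#\" #\\)))) port)))
        (if (eqv? (read-char port) #\")
            s
            (error "unterminated string or escape not allowed"))))
     ((or (ascii-digit? c) (char=? c #\-))
      (or (string->number (string-append (string c) (take-while ascii-digit? port)))
          (error "bad integer")))
     (else (error "character not allowed" c)))))

(define (string->scm/strict str)
  (when (> (string-length str) max-length) (error "input too long"))
  (call-with-input-string str
    (lambda (port)
      (let ((datum (parse-datum port 0)))
        (skip-ws port)
        (if (eof-object? (peek-char port)) datum (error "trailing data"))))))
```

Symbols, quote forms, `#` syntax and string escapes are all rejected, so output of scm->string that contains them will not round-trip through this parser; extend the grammar only for shapes the program actually exchanges.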