guile-user
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is there any security risk related to the use of the reader?


From: Mark H Weaver
Subject: Re: Is there any security risk related to the use of the reader?
Date: Thu, 01 Mar 2018 18:56:11 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

Amirouche Boubekki <address@hidden> writes:

> I have procedures like that in my program:
>
> (define-public (scm->string scm)
>   (call-with-output-string
>     (lambda (port)
>       (write scm port))))
>
> (define-public (string->scm string)
>   (call-with-input-string string read))
>
> Is it safe to pass to this procedures input from third parties?

I would not consider Guile's 'read' to be trustworthy when processing
potentially malicious inputs.

      Mark



reply via email to

[Prev in Thread] Current Thread [Next in Thread]