The Dangers of read and eval
We’ve used both the eval and the read commands in creating a custom Lisp REPL. These commands are very powerful, but also very dangerous. Using them without taking the proper precautions might allow a hacker to attack your software by running malicious commands.
For example, suppose our program needed a function called format-harddrive. This is not a function we would want just any person to have access to, and it could be very dangerous if a hacker somehow tricked our game REPL into calling it.
The game-eval function we created earlier in this chapter has some crude safeguards to prevent a player from entering format-harddrive as a game command. Here’s what happens if we try to run this command in our new game REPL: ...
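As an added illustration (not the book's own code), the following Common Lisp sketch shows one way such a safeguard can be built: the reader runs with read-time evaluation disabled, only allowlisted command names are accepted, and every argument must be a plain symbol that is quoted before eval sees it. The command set, the stub functions and the helper names safe-game-read and allowed-form-p are assumptions made for this example; game-eval here takes the raw input line, which is also an assumption.

```lisp
;; Added example. Every name except read, eval, game-eval and
;; format-harddrive is hypothetical, chosen for this illustration.
(defparameter *allowed-commands* '(look walk pickup inventory)) ; assumed set

(defun format-harddrive ()
  "Harmless stand-in for the dangerous function: only reports it was reached."
  'harddrive-formatted)

(defun look () '(you are in the living-room.))            ; stub game command
(defun walk (direction) (list 'you 'walk direction))      ; stub game command

(defun safe-game-read (line)
  "Read LINE as one list form, with read-time evaluation turned off."
  (let ((*read-eval* nil))
    (read-from-string (concatenate 'string "(" line ")"))))

(defun allowed-form-p (form)
  "True only for (COMMAND ARG...) where COMMAND is allowlisted and every
ARG is a plain symbol, so no nested call can hide in the arguments."
  (and (consp form)
       (member (car form) *allowed-commands*)
       (every #'symbolp (cdr form))))

(defun game-eval (line)
  "Evaluate LINE only if it passes the allowlist; otherwise refuse.
Arguments are quoted, so eval treats them as data, never as code."
  (handler-case
      (let ((form (safe-game-read line)))
        (if (allowed-form-p form)
            (eval (cons (car form)
                        (mapcar (lambda (arg) (list 'quote arg))
                                (cdr form))))
            '(i do not know that command.)))
    ;; Reader errors, malformed lists and wrong argument counts all land here.
    (error () '(i do not know that command.))))

;; Constructed sample inputs: one valid command and two that must be refused.
(print (game-eval "walk west"))
(print (game-eval "format-harddrive"))
(print (game-eval "walk (format-harddrive)"))
```

The allowlist fails closed: anything not explicitly named, or any argument that is not a bare symbol, gets the same refusal message as a malformed line.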