/usr/share/doc/racket/reference/securityguards.html is in racket-doc 6.1-4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"/><title>14.6 Security Guards</title><link rel="stylesheet" type="text/css" href="../scribble.css" title="default"/><link rel="stylesheet" type="text/css" href="extras.css" title="default"/><link rel="stylesheet" type="text/css" href="../racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-style.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../doc-site.css" title="default"/><script type="text/javascript" src="../scribble-common.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../doc-site.js"></script><script type="text/javascript" src="../local-redirect/local-redirect.js"></script><script type="text/javascript" src="../local-redirect/local-user-redirect.js"></script><!--[if IE 6]><style type="text/css">.SIEHidden { overflow: hidden; }</style><![endif]--></head><body id="doc-racket-lang-org"><div class="tocset"><div class="tocview"><div class="tocviewlist tocviewlisttopspace"><div class="tocviewtitle"><table cellspacing="0" cellpadding="0"><tr><td style="width: 1em;"><a href="javascript:void(0);" title="Expand/Collapse" class="tocviewtoggle" onclick="TocviewToggle(this,"tocview_0");">►</a></td><td></td><td><a href="index.html" class="tocviewlink" data-pltdoc="x"><span style="font-weight: bold">The Racket Reference</span></a></td></tr></table></div><div class="tocviewsublisttop" style="display: none;" id="tocview_0"><table cellspacing="0" cellpadding="0"><tr><td align="right">1 </td><td><a href="model.html" class="tocviewlink" data-pltdoc="x">Language Model</a></td></tr><tr><td align="right">2 </td><td><a href="notation.html" class="tocviewlink" data-pltdoc="x">Notation for Documentation</a></td></tr><tr><td align="right">3 </td><td><a href="syntax.html" class="tocviewlink" data-pltdoc="x">Syntactic Forms</a></td></tr><tr><td align="right">4 </td><td><a href="data.html" class="tocviewlink" data-pltdoc="x">Datatypes</a></td></tr><tr><td align="right">5 </td><td><a href="structures.html" class="tocviewlink" data-pltdoc="x">Structures</a></td></tr><tr><td align="right">6 </td><td><a href="mzlib_class.html" class="tocviewlink" data-pltdoc="x">Classes and Objects</a></td></tr><tr><td align="right">7 </td><td><a href="mzlib_unit.html" class="tocviewlink" data-pltdoc="x">Units</a></td></tr><tr><td align="right">8 </td><td><a href="contracts.html" class="tocviewlink" data-pltdoc="x">Contracts</a></td></tr><tr><td align="right">9 </td><td><a href="match.html" class="tocviewlink" data-pltdoc="x">Pattern Matching</a></td></tr><tr><td align="right">10 </td><td><a href="control.html" class="tocviewlink" data-pltdoc="x">Control Flow</a></td></tr><tr><td align="right">11 </td><td><a href="concurrency.html" class="tocviewlink" data-pltdoc="x">Concurrency and Parallelism</a></td></tr><tr><td align="right">12 </td><td><a href="Macros.html" class="tocviewlink" data-pltdoc="x">Macros</a></td></tr><tr><td align="right">13 </td><td><a href="input-and-output.html" class="tocviewlink" data-pltdoc="x">Input and Output</a></td></tr><tr><td align="right">14 </td><td><a href="security.html" class="tocviewselflink" data-pltdoc="x">Reflection and Security</a></td></tr><tr><td align="right">15 </td><td><a href="os.html" class="tocviewlink" data-pltdoc="x">Operating System</a></td></tr><tr><td align="right">16 </td><td><a href="memory.html" class="tocviewlink" data-pltdoc="x">Memory Management</a></td></tr><tr><td align="right">17 </td><td><a href="unsafe.html" class="tocviewlink" data-pltdoc="x">Unsafe Operations</a></td></tr><tr><td align="right">18 </td><td><a href="running.html" class="tocviewlink" data-pltdoc="x">Running Racket</a></td></tr><tr><td align="right"></td><td><a href="doc-bibliography.html" class="tocviewlink" data-pltdoc="x">Bibliography</a></td></tr><tr><td align="right"></td><td><a href="doc-index.html" class="tocviewlink" data-pltdoc="x">Index</a></td></tr></table></div></div><div class="tocviewlist"><table cellspacing="0" cellpadding="0"><tr><td style="width: 1em;"><a href="javascript:void(0);" title="Expand/Collapse" class="tocviewtoggle" onclick="TocviewToggle(this,"tocview_1");">▼</a></td><td>14 </td><td><a href="security.html" class="tocviewlink" data-pltdoc="x">Reflection and Security</a></td></tr></table><div class="tocviewsublistbottom" style="display: block;" id="tocview_1"><table cellspacing="0" cellpadding="0"><tr><td align="right">14.1 </td><td><a href="Namespaces.html" class="tocviewlink" data-pltdoc="x">Namespaces</a></td></tr><tr><td align="right">14.2 </td><td><a href="eval.html" class="tocviewlink" data-pltdoc="x">Evaluation and Compilation</a></td></tr><tr><td align="right">14.3 </td><td><a href="load-lang.html" class="tocviewlink" data-pltdoc="x">The <span class="RktModLink"><span class="RktSym">racket/<span class="mywbr"> </span>load</span></span> Language</a></td></tr><tr><td align="right">14.4 </td><td><a href="Module_Names_and_Loading.html" class="tocviewlink" data-pltdoc="x">Module Names and Loading</a></td></tr><tr><td align="right">14.5 </td><td><a href="chaperones.html" class="tocviewlink" data-pltdoc="x">Impersonators and Chaperones</a></td></tr><tr><td align="right">14.6 </td><td><a href="" class="tocviewselflink" data-pltdoc="x">Security Guards</a></td></tr><tr><td align="right">14.7 </td><td><a href="custodians.html" class="tocviewlink" data-pltdoc="x">Custodians</a></td></tr><tr><td align="right">14.8 </td><td><a href="threadgroups.html" class="tocviewlink" data-pltdoc="x">Thread Groups</a></td></tr><tr><td align="right">14.9 </td><td><a href="inspectors.html" class="tocviewlink" data-pltdoc="x">Structure Inspectors</a></td></tr><tr><td align="right">14.10 </td><td><a href="modprotect.html" class="tocviewlink" data-pltdoc="x">Code Inspectors</a></td></tr><tr><td align="right">14.11 </td><td><a href="plumbers.html" class="tocviewlink" data-pltdoc="x">Plumbers</a></td></tr><tr><td align="right">14.12 </td><td><a href="Sandboxed_Evaluation.html" class="tocviewlink" data-pltdoc="x">Sandboxed Evaluation</a></td></tr></table></div></div></div><div class="tocsub"><div class="tocsubtitle">On this page:</div><table class="tocsublist" cellspacing="0"><tr><td><a href="#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="tocsublink" data-pltdoc="x"><span class="RktSym"><span class="RktValLink">security-<wbr></wbr>guard?</span></span></a></td></tr><tr><td><a href="#%28def._%28%28quote._~23~25kernel%29._make-security-guard%29%29" class="tocsublink" data-pltdoc="x"><span class="RktSym"><span class="RktValLink">make-<wbr></wbr>security-<wbr></wbr>guard</span></span></a></td></tr><tr><td><a href="#%28def._%28%28quote._~23~25kernel%29._current-security-guard%29%29" class="tocsublink" data-pltdoc="x"><span class="RktSym"><span class="RktValLink">current-<wbr></wbr>security-<wbr></wbr>guard</span></span></a></td></tr></table></div></div><div class="maincolumn"><div class="main"><div class="navsettop"><span class="navleft"><form class="searchform"><input class="searchbox" style="color: #888;" type="text" value="...search manuals..." title="Enter a search string to search the manuals" onkeypress="return DoSearchKey(event, this, "6.1", "../");" onfocus="this.style.color="black"; this.style.textAlign="left"; if (this.value == "...search manuals...") this.value="";" onblur="if (this.value.match(/^ *$/)) { this.style.color="#888"; this.style.textAlign="center"; this.value="...search manuals..."; }"/></form> <a href="../index.html" title="up to the documentation top" data-pltdoc="x" onclick="return GotoPLTRoot("6.1");">top</a></span><span class="navright"> <a href="chaperones.html" title="backward to "14.5 Impersonators and Chaperones"" data-pltdoc="x">← prev</a> <a href="security.html" title="up to "14 Reflection and Security"" data-pltdoc="x">up</a> <a href="custodians.html" title="forward to "14.7 Custodians"" data-pltdoc="x">next →</a></span> </div><h4 x-source-module="(lib "scribblings/reference/reference.scrbl")" x-part-tag=""securityguards"">14.6<tt> </tt><a name="(part._securityguards)"></a>Security Guards</h4><p><div class="SIntrapara"><blockquote class="SVInsetFlow"><table cellspacing="0" cellpadding="0" class="boxed RBoxed"><tr><td><blockquote class="SubFlow"><div class="RBackgroundLabel SIEHidden"><div class="RBackgroundLabelInner"><p>procedure</p></div></div><p class="RForeground"><span class="RktPn">(</span><a name="(def._((quote._~23~25kernel)._security-guard~3f))"></a><span title="Provided from: racket/base, racket | Package: base"><span class="RktSym"><a href="#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValDef RktValLink" data-pltdoc="x">security-guard?</a></span></span><span class="hspace"> </span><span class="RktVar">v</span><span class="RktPn">)</span><span class="hspace"> </span>→<span class="hspace"> </span><span class="RktSym"><a href="booleans.html#%28def._%28%28quote._~23~25kernel%29._boolean~3f%29%29" class="RktValLink" data-pltdoc="x">boolean?</a></span></p></blockquote></td></tr><tr><td><span class="hspace"> </span><span class="RktVar">v</span><span class="hspace"> </span>:<span class="hspace"> </span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fprivate%2Fmisc..rkt%29._any%2Fc%29%29" class="RktValLink" data-pltdoc="x">any/c</a></span></td></tr></table></blockquote></div><div class="SIntrapara">Returns <span class="RktVal">#t</span> if <span class="RktVar">v</span> is a security guard value as created
by <span class="RktSym"><a href="#%28def._%28%28quote._~23~25kernel%29._make-security-guard%29%29" class="RktValLink" data-pltdoc="x">make-security-guard</a></span>, <span class="RktVal">#f</span> otherwise.</div></p><p>A <a name="(tech._security._guard)"></a><span style="font-style: italic">security guard</span> provides a set of access-checking
procedures to be called when a thread initiates access of a file,
directory, or network connection through a primitive procedure. For
example, when a thread calls <span class="RktSym"><a href="file-ports.html#%28def._%28%28lib._racket%2Fprivate%2Fbase..rkt%29._open-input-file%29%29" class="RktValLink" data-pltdoc="x">open-input-file</a></span>, the thread’s
current security guard is consulted to check whether the thread is
allowed read access to the file. If access is granted, the thread
receives a port that it may use indefinitely, regardless of changes to
the security guard (although the port’s custodian could shut down the
port; see <a href="custodians.html" data-pltdoc="x">Custodians</a>).</p><p>A thread’s current security guard is determined by the
<span class="RktSym"><a href="#%28def._%28%28quote._~23~25kernel%29._current-security-guard%29%29" class="RktValLink" data-pltdoc="x">current-security-guard</a></span> parameter. Every security guard has a
parent, and a parent’s access procedures are called whenever a child’s
access procedures are called. Thus, a thread cannot increase its own
access arbitrarily by installing a new guard. The initial security
guard enforces no access restrictions other than those enforced by the
host platform.</p><p><div class="SIntrapara"><blockquote class="SVInsetFlow"><table cellspacing="0" cellpadding="0" class="boxed RBoxed"><tr><td><blockquote class="SubFlow"><div class="RBackgroundLabel SIEHidden"><div class="RBackgroundLabelInner"><p>procedure</p></div></div><table cellspacing="0" cellpadding="0" class="prototype RForeground"><tr><td><span class="RktPn">(</span><a name="(def._((quote._~23~25kernel)._make-security-guard))"></a><span title="Provided from: racket/base, racket | Package: base"><span class="RktSym"><a href="#%28def._%28%28quote._~23~25kernel%29._make-security-guard%29%29" class="RktValDef RktValLink" data-pltdoc="x">make-security-guard</a></span></span></td><td><span class="hspace"> </span></td><td><span class="RktVar">parent</span></td><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td></tr><tr><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td><td><span class="RktVar">file-guard</span></td><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td></tr><tr><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td><td><span class="RktVar">network-guard</span></td><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td><td><span class="hspace"> </span></td></tr><tr><td><span class="hspace"> </span></td><td><span class="hspace"> </span>[</td><td><span class="RktVar">link-guard</span>]<span class="RktPn">)</span></td><td><span class="hspace"> </span></td><td>→</td><td><span class="hspace"> </span></td><td><span class="RktSym"><a href="#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></td></tr></table></blockquote></td></tr><tr><td><span class="hspace"> </span><span class="RktVar">parent</span><span class="hspace"> </span>:<span class="hspace"> </span><span class="RktSym"><a href="#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></td></tr><tr><td><table cellspacing="0" cellpadding="0" class="argcontract"><tr><td><span class="hspace"> </span></td><td><span class="RktVar">file-guard</span></td><td><span class="hspace"> </span></td><td>:</td><td><span class="hspace"> </span></td><td><table cellspacing="0" cellpadding="0" class="RktBlk"><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="symbols.html#%28def._%28%28quote._~23~25kernel%29._symbol~3f%29%29" class="RktValLink" data-pltdoc="x">symbol?</a></span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._or%2Fc%29%29" class="RktValLink" data-pltdoc="x">or/c</a></span><span class="hspace"> </span><span class="RktSym"><a href="Manipulating_Paths.html#%28def._%28%28quote._~23~25kernel%29._path~3f%29%29" class="RktValLink" data-pltdoc="x">path?</a></span><span class="hspace"> </span><span class="RktVal">#f</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fprivate%2Fmisc..rkt%29._listof%29%29" class="RktValLink" data-pltdoc="x">listof</a></span><span class="hspace"> </span><span class="RktSym"><a href="symbols.html#%28def._%28%28quote._~23~25kernel%29._symbol~3f%29%29" class="RktValLink" data-pltdoc="x">symbol?</a></span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">. </span><span class="RktSym"><a href="function-contracts.html#%28form._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._-~3e%29%29" class="RktStxLink" data-pltdoc="x"><span class="nobreak">-></span></a></span><span class="RktPn"> .</span><span class="hspace"> </span><span class="RktSym"><a href="data-structure-contracts.html#%28form._%28%28lib._racket%2Fcontract%2Fprivate%2Fmisc..rkt%29._any%29%29" class="RktStxLink" data-pltdoc="x">any</a></span><span class="RktPn">)</span></td></tr></table></td></tr></table></td></tr><tr><td><table cellspacing="0" cellpadding="0" class="argcontract"><tr><td><span class="hspace"> </span></td><td><span class="RktVar">network-guard</span></td><td><span class="hspace"> </span></td><td>:</td><td><span class="hspace"> </span></td><td><table cellspacing="0" cellpadding="0" class="RktBlk"><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="symbols.html#%28def._%28%28quote._~23~25kernel%29._symbol~3f%29%29" class="RktValLink" data-pltdoc="x">symbol?</a></span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._or%2Fc%29%29" class="RktValLink" data-pltdoc="x">or/c</a></span><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fprivate%2Fmisc..rkt%29._and%2Fc%29%29" class="RktValLink" data-pltdoc="x">and/c</a></span><span class="hspace"> </span><span class="RktSym"><a href="strings.html#%28def._%28%28quote._~23~25kernel%29._string~3f%29%29" class="RktValLink" data-pltdoc="x">string?</a></span><span class="hspace"> </span><span class="RktSym"><a href="booleans.html#%28def._%28%28quote._~23~25kernel%29._immutable~3f%29%29" class="RktValLink" data-pltdoc="x">immutable?</a></span><span class="RktPn">)</span><span class="hspace"> </span><span class="RktVal">#f</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._or%2Fc%29%29" class="RktValLink" data-pltdoc="x">or/c</a></span><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fprivate%2Fmisc..rkt%29._integer-in%29%29" class="RktValLink" data-pltdoc="x">integer-in</a></span><span class="hspace"> </span><span class="RktVal">1</span><span class="hspace"> </span><span class="RktVal">65535</span><span class="RktPn">)</span><span class="hspace"> </span><span class="RktVal">#f</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._or%2Fc%29%29" class="RktValLink" data-pltdoc="x">or/c</a></span><span class="hspace"> </span><span class="RktVal">'</span><span class="RktVal">server</span><span class="hspace"> </span><span class="RktVal">'</span><span class="RktVal">client</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">. </span><span class="RktSym"><a href="function-contracts.html#%28form._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._-~3e%29%29" class="RktStxLink" data-pltdoc="x"><span class="nobreak">-></span></a></span><span class="RktPn"> .</span><span class="hspace"> </span><span class="RktSym"><a href="data-structure-contracts.html#%28form._%28%28lib._racket%2Fcontract%2Fprivate%2Fmisc..rkt%29._any%29%29" class="RktStxLink" data-pltdoc="x">any</a></span><span class="RktPn">)</span></td></tr></table></td></tr></table></td></tr><tr><td><span class="hspace"> </span><span class="RktVar">link-guard</span><span class="hspace"> </span>:<span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._or%2Fc%29%29" class="RktValLink" data-pltdoc="x">or/c</a></span><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="symbols.html#%28def._%28%28quote._~23~25kernel%29._symbol~3f%29%29" class="RktValLink" data-pltdoc="x">symbol?</a></span><span class="hspace"> </span><span class="RktSym"><a href="Manipulating_Paths.html#%28def._%28%28quote._~23~25kernel%29._path~3f%29%29" class="RktValLink" data-pltdoc="x">path?</a></span><span class="hspace"> </span><span class="RktSym"><a href="Manipulating_Paths.html#%28def._%28%28quote._~23~25kernel%29._path~3f%29%29" class="RktValLink" data-pltdoc="x">path?</a></span><span class="hspace"> </span><span class="RktPn">. </span><span class="RktSym"><a href="function-contracts.html#%28form._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._-~3e%29%29" class="RktStxLink" data-pltdoc="x"><span class="nobreak">-></span></a></span><span class="RktPn"> .</span><span class="hspace"> </span><span class="RktSym"><a href="data-structure-contracts.html#%28form._%28%28lib._racket%2Fcontract%2Fprivate%2Fmisc..rkt%29._any%29%29" class="RktStxLink" data-pltdoc="x">any</a></span><span class="RktPn">)</span><span class="hspace"> </span><span class="RktVal">#f</span><span class="RktPn">)</span><span class="hspace"> </span>=<span class="hspace"> </span><span class="RktVal">#f</span></td></tr></table></blockquote></div><div class="SIntrapara">Creates a new security guard as child of <span class="RktVar">parent</span>.</div></p><p>The <span class="RktVar">file-guard</span> procedure must accept three arguments:</p><ul><li><p>a symbol for the primitive procedure that triggered the access
check, which is useful for raising an exception to deny access.</p></li><li><p>a path (see <a href="pathutils.html" data-pltdoc="x">Paths</a>) or <span class="RktVal">#f</span> for
pathless queries, such as <span class="RktPn">(</span><span class="RktSym"><a href="Filesystem.html#%28def._%28%28quote._~23~25kernel%29._current-directory%29%29" class="RktValLink" data-pltdoc="x">current-directory</a></span><span class="RktPn">)</span>,
<span class="RktPn">(</span><span class="RktSym"><a href="Filesystem.html#%28def._%28%28quote._~23~25kernel%29._filesystem-root-list%29%29" class="RktValLink" data-pltdoc="x">filesystem-root-list</a></span><span class="RktPn">)</span>, and <span class="RktPn">(</span><span class="RktSym"><a href="Filesystem.html#%28def._%28%28quote._~23~25kernel%29._find-system-path%29%29" class="RktValLink" data-pltdoc="x">find-system-path</a></span><span class="stt"> </span><span class="RktVar">symbol</span><span class="RktPn">)</span>. A path provided to <span class="RktVar">file-guard</span> is not expanded or
otherwise normalized before checking access; it may be a relative
path, for example.</p></li><li><p>a list containing one or more of the following
symbols:</p><ul><li><p><a name="(idx._(gentag._237._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">read</span> —<wbr></wbr> read a file or directory</p></li><li><p><a name="(idx._(gentag._238._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">write</span> —<wbr></wbr> modify or create a file or
directory</p></li><li><p><a name="(idx._(gentag._239._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">execute</span> —<wbr></wbr> execute a file</p></li><li><p><a name="(idx._(gentag._240._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">delete</span> —<wbr></wbr> delete a file or directory</p></li><li><p><a name="(idx._(gentag._241._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">exists</span> —<wbr></wbr> determine whether a file or
directory exists, or that a path string is well-formed</p></li></ul><p>The <span class="RktVal">'</span><span class="RktVal">exists</span> symbol is never combined with other symbols in
the last argument to <span class="RktVar">file-guard</span>, but any other combination is
possible. When the second argument to <span class="RktVar">file-guard</span> is <span class="RktVal">#f</span>,
the last argument always contains only <span class="RktVal">'</span><span class="RktVal">exists</span>.</p></li></ul><p>The <span class="RktVar">network-guard</span> procedure must accept four arguments:</p><ul><li><p>a symbol for the primitive operation that triggered the access
check, which is useful for raising an exception to deny access.</p></li><li><p>an immutable string representing the target hostname for a
client connection or the accepting hostname for a listening server;
<span class="RktVal">#f</span> for a listening server or UDP socket that accepts
connections at all of the host’s address; or <span class="RktVal">#f</span> an unbound
UDP socket.</p></li><li><p>an exact integer between <span class="RktVal">1</span> and <span class="RktVal">65535</span>
(inclusive) representing the port number, or <span class="RktVal">#f</span> for an
unbound UDP socket. In the case of a client connection, the port
number is the target port on the server. For a listening server, the
port number is the local port number.</p></li><li><p>a symbol, either <a name="(idx._(gentag._242._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">client</span> or
<a name="(idx._(gentag._243._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">server</span>, indicating whether the check is for the
creation of a client connection or a listening server. The opening of
an unbound UDP socket is identified as a <span class="RktVal">'</span><span class="RktVal">client</span> connection;
explicitly binding the socket is identified as a <span class="RktVal">'</span><span class="RktVal">server</span>
action.</p></li></ul><p>The <span class="RktVar">link-guard</span> argument can be <span class="RktVal">#f</span> or a procedure of
three arguments:</p><ul><li><p>a symbol for the primitive procedure that triggered the access
check, which is useful for raising an exception to deny access.</p></li><li><p>a complete path (see <a href="pathutils.html" data-pltdoc="x">Paths</a>) representing the
file to create as link.</p></li><li><p>a path representing the content of the link, which may be
relative the second-argument path; this path is not expanded or
otherwise normalized before checking access.</p></li></ul><p>If <span class="RktVar">link-guard</span> is <span class="RktVal">#f</span>, then a default
procedure is used that always raises <span class="RktSym"><a href="exns.html#%28def._%28%28lib._racket%2Fprivate%2Fbase..rkt%29._exn~3afail%29%29" class="RktValLink" data-pltdoc="x">exn:fail</a></span>.</p><p>The return value of <span class="RktVar">file-guard</span>, <span class="RktVar">network-guard</span>, or
<span class="RktVar">link-guard</span> is ignored. To deny access, the procedure must
raise an exception or otherwise escape from the context of the
primitive call. If the procedure returns, the parent’s corresponding
procedure is called on the same inputs, and so on up the chain of
security guards.</p><p>The <span class="RktVar">file-guard</span>, <span class="RktVar">network-guard</span>, and
<span class="RktVar">link-guard</span> procedures are invoked in the thread that called
the access-checked primitive. Breaks may or may not be enabled (see
<a href="breakhandler.html" data-pltdoc="x">Breaks</a>). Full continuation jumps are blocked going
into or out of the <span class="RktVar">file-guard</span> or <span class="RktVar">network-guard</span> call
(see <a href="eval-model.html#%28part._prompt-model%29" data-pltdoc="x">Prompts, Delimited Continuations, and Barriers</a>).</p><p><div class="SIntrapara"><blockquote class="SVInsetFlow"><table cellspacing="0" cellpadding="0" class="boxed RBoxed"><tr><td><blockquote class="SubFlow"><div class="RBackgroundLabel SIEHidden"><div class="RBackgroundLabelInner"><p>parameter</p></div></div><p class="RForeground"><span class="RktPn">(</span><a name="(def._((quote._~23~25kernel)._current-security-guard))"></a><span title="Provided from: racket/base, racket | Package: base"><span class="RktSym"><a href="#%28def._%28%28quote._~23~25kernel%29._current-security-guard%29%29" class="RktValDef RktValLink" data-pltdoc="x">current-security-guard</a></span></span><span class="RktPn"></span><span class="RktPn">)</span><span class="hspace"> </span>→<span class="hspace"> </span><span class="RktSym"><a href="#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></p></blockquote></td></tr><tr><td><span class="RktPn">(</span><span title="Provided from: racket/base, racket | Package: base"><span class="RktSym"><a href="#%28def._%28%28quote._~23~25kernel%29._current-security-guard%29%29" class="RktValDef RktValLink" data-pltdoc="x">current-security-guard</a></span></span><span class="hspace"> </span><span class="RktVar">guard</span><span class="RktPn">)</span><span class="hspace"> </span>→<span class="hspace"> </span><span class="RktSym"><a href="void.html#%28def._%28%28quote._~23~25kernel%29._void~3f%29%29" class="RktValLink" data-pltdoc="x">void?</a></span></td></tr><tr><td><span class="hspace"> </span><span class="RktVar">guard</span><span class="hspace"> </span>:<span class="hspace"> </span><span class="RktSym"><a href="#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></td></tr></table></blockquote></div><div class="SIntrapara">A <a href="eval-model.html#%28tech._parameter%29" class="techoutside" data-pltdoc="x"><span class="techinside">parameter</span></a> that determines the current security guard that controls
access to the filesystem and network.</div></p><div class="navsetbottom"><span class="navleft"><form class="searchform"><input class="searchbox" style="color: #888;" type="text" value="...search manuals..." title="Enter a search string to search the manuals" onkeypress="return DoSearchKey(event, this, "6.1", "../");" onfocus="this.style.color="black"; this.style.textAlign="left"; if (this.value == "...search manuals...") this.value="";" onblur="if (this.value.match(/^ *$/)) { this.style.color="#888"; this.style.textAlign="center"; this.value="...search manuals..."; }"/></form> <a href="../index.html" title="up to the documentation top" data-pltdoc="x" onclick="return GotoPLTRoot("6.1");">top</a></span><span class="navright"> <a href="chaperones.html" title="backward to "14.5 Impersonators and Chaperones"" data-pltdoc="x">← prev</a> <a href="security.html" title="up to "14 Reflection and Security"" data-pltdoc="x">up</a> <a href="custodians.html" title="forward to "14.7 Custodians"" data-pltdoc="x">next →</a></span> </div></div></div><div id="contextindicator"> </div></body></html>
|