emacs.d/clones/scheme/docs.racket-lang.org/reference/securityguards.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"/><meta name="viewport" content="width=device-width, initial-scale=0.8"/><title>14.6&nbsp;Security Guards</title><link rel="stylesheet" type="text/css" href="../scribble.css" title="default"/><link rel="stylesheet" type="text/css" href="extras.css" title="default"/><link rel="stylesheet" type="text/css" href="../racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-style.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../doc-site.css" title="default"/><script type="text/javascript" src="../scribble-common.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../doc-site.js"></script><script type="text/javascript" src="../local-redirect/local-redirect.js"></script><script type="text/javascript" src="../local-redirect/local-user-redirect.js"></script><!--[if IE 6]><style type="text/css">.SIEHidden { overflow: hidden; }</style><![endif]--></head><body id="doc-racket-lang-org"><div class="tocset"><div class="tocview"><div class="tocviewlist tocviewlisttopspace"><div class="tocviewtitle"><table cellspacing="0" cellpadding="0"><tr><td style="width: 1em;"><a href="javascript:void(0);" title="Expand/Collapse" class="tocviewtoggle" onclick="TocviewToggle(this,&quot;tocview_0&quot;);">&#9658;</a></td><td></td><td><a href="index.html" class="tocviewlink" data-pltdoc="x">The Racket Reference</a></td></tr></table></div><div class="tocviewsublisttop" style="display: none;" id="tocview_0"><table cellspacing="0" cellpadding="0"><tr><td align="right">1&nbsp;</td><td><a href="model.html" class="tocviewlink" data-pltdoc="x">Language Model</a></td></tr><tr><td align="right">2&nbsp;</td><td><a href="notation.html" class="tocviewlink" data-pltdoc="x">Notation for Documentation</a></td></tr><tr><td align="right">3&nbsp;</td><td><a href="syntax.html" class="tocviewlink" data-pltdoc="x">Syntactic Forms</a></td></tr><tr><td align="right">4&nbsp;</td><td><a href="data.html" class="tocviewlink" data-pltdoc="x">Datatypes</a></td></tr><tr><td align="right">5&nbsp;</td><td><a href="structures.html" class="tocviewlink" data-pltdoc="x">Structures</a></td></tr><tr><td align="right">6&nbsp;</td><td><a href="mzlib_class.html" class="tocviewlink" data-pltdoc="x">Classes and Objects</a></td></tr><tr><td align="right">7&nbsp;</td><td><a href="mzlib_unit.html" class="tocviewlink" data-pltdoc="x">Units</a></td></tr><tr><td align="right">8&nbsp;</td><td><a href="contracts.html" class="tocviewlink" data-pltdoc="x">Contracts</a></td></tr><tr><td align="right">9&nbsp;</td><td><a href="match.html" class="tocviewlink" data-pltdoc="x">Pattern Matching</a></td></tr><tr><td align="right">10&nbsp;</td><td><a href="control.html" class="tocviewlink" data-pltdoc="x">Control Flow</a></td></tr><tr><td align="right">11&nbsp;</td><td><a href="concurrency.html" class="tocviewlink" data-pltdoc="x">Concurrency and Parallelism</a></td></tr><tr><td align="right">12&nbsp;</td><td><a href="Macros.html" class="tocviewlink" data-pltdoc="x">Macros</a></td></tr><tr><td align="right">13&nbsp;</td><td><a href="input-and-output.html" class="tocviewlink" data-pltdoc="x">Input and Output</a></td></tr><tr><td align="right">14&nbsp;</td><td><a href="security.html" class="tocviewselflink" data-pltdoc="x">Reflection and Security</a></td></tr><tr><td align="right">15&nbsp;</td><td><a href="os.html" class="tocviewlink" data-pltdoc="x">Operating System</a></td></tr><tr><td align="right">16&nbsp;</td><td><a href="memory.html" class="tocviewlink" data-pltdoc="x">Memory Management</a></td></tr><tr><td align="right">17&nbsp;</td><td><a href="unsafe.html" class="tocviewlink" data-pltdoc="x">Unsafe Operations</a></td></tr><tr><td align="right">18&nbsp;</td><td><a href="running.html" class="t
by <span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._make-security-guard%29%29" class="RktValLink" data-pltdoc="x">make-security-guard</a></span>, <span class="RktVal">#f</span> otherwise.</div></p><p>A <a name="(tech._security._guard)"></a><span style="font-style: italic">security guard</span> provides a set of access-checking
procedures to be called when a thread initiates access of a file,
directory, or network connection through a primitive procedure. For
example, when a thread calls <span class="RktSym"><a href="file-ports.html#%28def._%28%28lib._racket%2Fprivate%2Fbase..rkt%29._open-input-file%29%29" class="RktValLink" data-pltdoc="x">open-input-file</a></span>, the thread&rsquo;s
current security guard is consulted to check whether the thread is
allowed read access to the file. If access is granted, the thread
receives a port that it may use indefinitely, regardless of changes to
the security guard (although the port&rsquo;s custodian could shut down the
port; see <a href="custodians.html" data-pltdoc="x">Custodians</a>).</p><p>A thread&rsquo;s current security guard is determined by the
<span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._current-security-guard%29%29" class="RktValLink" data-pltdoc="x">current-security-guard</a></span> parameter. Every security guard has a
parent, and a parent&rsquo;s access procedures are called whenever a child&rsquo;s
access procedures are called. Thus, a thread cannot increase its own
access arbitrarily by installing a new guard. The initial security
guard enforces no access restrictions other than those enforced by the
host platform.</p><p><div class="SIntrapara"><blockquote class="SVInsetFlow"><table cellspacing="0" cellpadding="0" class="boxed RBoxed"><tr><td><blockquote class="SubFlow"><div class="RBackgroundLabel SIEHidden"><div class="RBackgroundLabelInner"><p>procedure</p></div></div><table cellspacing="0" cellpadding="0" class="prototype RForeground"><tr><td valign="top"><span class="RktPn">(</span><a name="(def._((quote._~23~25kernel)._make-security-guard))"></a><span title="Provided from: racket/base, racket | Package: base"><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._make-security-guard%29%29" class="RktValDef RktValLink" data-pltdoc="x">make-security-guard</a></span></span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="RktVar">parent</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td></tr><tr><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="RktVar">file-guard</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td></tr><tr><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="RktVar">network-guard</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span></td></tr><tr><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="hspace">&nbsp;</span><span class="RktOpt">[</span></td><td valign="top"><span class="RktVar">link-guard</span><span class="RktOpt">]</span><span class="RktPn">)</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top">&rarr;</td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></td></tr></table></blockquote></td></tr><tr><td><span class="hspace">&nbsp;&nbsp;</span><span class="RktVar">parent</span><span class="hspace">&nbsp;</span>:<span class="hspace">&nbsp;</span><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></td></tr><tr><td><table cellspacing="0" cellpadding="0" class="argcontract"><tr><td valign="top"><span class="hspace">&nbsp;&nbsp;</span></td><td valign="top"><span class="RktVar">file-guard</span></td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top">:</td><td valign="top"><span class="hspace">&nbsp;</span></td><td valign="top"><table cellspacing="0" cellpadding="0" class="RktBlk"><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="symbols.html#%28def._%28%28quote._~23~25kernel%29._symbol~3f%29%29" class="RktValLink" data-pltdoc="x">symbol?</a></span></td></tr><tr><td><span class="hspace">&nbsp;</span><span class="RktPn">(</span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._or%2Fc%29%29" class="RktValLink" data-pltdoc="x">or/c</a></span><span class="hspace">&nbsp;</span><span class="RktSym"><a href="Manipulating_Paths.html#%28def._%28%28quote._~23~25kernel%29._path~3f%29%29" class="RktValLink" data-pltdoc="x">path?</a></span><span class="hspace">&nbsp;</span><span class="RktVal">#f</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace">&nbsp;</span><span class="RktPn">(</span><span class="RktSym"><a href="data-str
check, which is useful for raising an exception to deny access.</p></li><li><p>a path (see <a href="pathutils.html" data-pltdoc="x">Paths</a>) or <span class="RktVal">#f</span> for
pathless queries, such as <span class="RktPn">(</span><span class="RktSym"><a href="Filesystem.html#%28def._%28%28quote._~23~25kernel%29._current-directory%29%29" class="RktValLink" data-pltdoc="x">current-directory</a></span><span class="RktPn">)</span>,
<span class="RktPn">(</span><span class="RktSym"><a href="Filesystem.html#%28def._%28%28quote._~23~25kernel%29._filesystem-root-list%29%29" class="RktValLink" data-pltdoc="x">filesystem-root-list</a></span><span class="RktPn">)</span>, and <span class="RktPn">(</span><span class="RktSym"><a href="Filesystem.html#%28def._%28%28quote._~23~25kernel%29._find-system-path%29%29" class="RktValLink" data-pltdoc="x">find-system-path</a></span><span class="stt"> </span><span class="RktVar">symbol</span><span class="RktPn">)</span>. A path provided to <span class="RktVar">file-guard</span> is not expanded or
otherwise normalized before checking access; it may be a relative
path, for example.</p></li><li><p>a list containing one or more of the following
 symbols:</p><ul><li><p><a name="(idx._(gentag._280._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">read</span> &#8212;<wbr></wbr> read a file or directory</p></li><li><p><a name="(idx._(gentag._281._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">write</span> &#8212;<wbr></wbr> modify or create a file or
directory</p></li><li><p><a name="(idx._(gentag._282._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">execute</span> &#8212;<wbr></wbr> execute a file</p></li><li><p><a name="(idx._(gentag._283._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">delete</span> &#8212;<wbr></wbr> delete a file or directory</p></li><li><p><a name="(idx._(gentag._284._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">exists</span> &#8212;<wbr></wbr> determine whether a file or
directory exists, or that a path string is well-formed</p></li></ul><p>The <span class="RktVal">'</span><span class="RktVal">exists</span> symbol is never combined with other symbols in
the last argument to <span class="RktVar">file-guard</span>, but any other combination is
possible. When the second argument to <span class="RktVar">file-guard</span> is <span class="RktVal">#f</span>,
the last argument always contains only <span class="RktVal">'</span><span class="RktVal">exists</span>.</p></li></ul><p>The <span class="RktVar">network-guard</span> procedure must accept four arguments:</p><ul><li><p>a symbol for the primitive operation that triggered the access
check, which is useful for raising an exception to deny access.</p></li><li><p>an immutable string representing the target hostname for a
client connection or the accepting hostname for a listening server;
<span class="RktVal">#f</span> for a listening server or UDP socket that accepts
connections at all of the host&rsquo;s address; or <span class="RktVal">#f</span> an unbound
UDP socket.</p></li><li><p>an exact integer between <span class="RktVal">1</span> and <span class="RktVal">65535</span>
(inclusive) representing the port number, or <span class="RktVal">#f</span> for an
unbound UDP socket. In the case of a client connection, the port
number is the target port on the server. For a listening server, the
port number is the local port number.</p></li><li><p>a symbol, either <a name="(idx._(gentag._285._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">client</span> or
<a name="(idx._(gentag._286._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">server</span>, indicating whether the check is for the
creation of a client connection or a listening server. The opening of
an unbound UDP socket is identified as a <span class="RktVal">'</span><span class="RktVal">client</span> connection;
explicitly binding the socket is identified as a <span class="RktVal">'</span><span class="RktVal">server</span>
action.</p></li></ul><p>The <span class="RktVar">link-guard</span> argument can be <span class="RktVal">#f</span> or a procedure of
three arguments:</p><ul><li><p>a symbol for the primitive procedure that triggered the access
check, which is useful for raising an exception to deny access.</p></li><li><p>a complete path (see <a href="pathutils.html" data-pltdoc="x">Paths</a>) representing the
file to create as link.</p></li><li><p>a path representing the content of the link, which may be
relative the second-argument path; this path is not expanded or
otherwise normalized before checking access.</p></li></ul><p>If <span class="RktVar">link-guard</span> is <span class="RktVal">#f</span>, then a default
procedure is used that always raises <span class="RktSym"><a href="exns.html#%28def._%28%28lib._racket%2Fprivate%2Fbase..rkt%29._exn~3afail%29%29" class="RktValLink" data-pltdoc="x">exn:fail</a></span>.</p><p>The return value of <span class="RktVar">file-guard</span>, <span class="RktVar">network-guard</span>, or
<span class="RktVar">link-guard</span> is ignored. To deny access, the procedure must
raise an exception or otherwise escape from the context of the
primitive call. If the procedure returns, the parent&rsquo;s corresponding
procedure is called on the same inputs, and so on up the chain of
security guards.</p><p>The <span class="RktVar">file-guard</span>, <span class="RktVar">network-guard</span>, and
<span class="RktVar">link-guard</span> procedures are invoked in the thread that called
the access-checked primitive. Breaks may or may not be enabled (see
<a href="breakhandler.html" data-pltdoc="x">Breaks</a>). Full continuation jumps are blocked going
into or out of the <span class="RktVar">file-guard</span> or <span class="RktVar">network-guard</span> call
(see <a href="eval-model.html#%28part._prompt-model%29" data-pltdoc="x">Prompts, Delimited Continuations, and Barriers</a>).</p><p><div class="SIntrapara"><blockquote class="SVInsetFlow"><table cellspacing="0" cellpadding="0" class="boxed RBoxed"><tr><td><blockquote class="SubFlow"><div class="RBackgroundLabel SIEHidden"><div class="RBackgroundLabelInner"><p>parameter</p></div></div><p class="RForeground"><span class="RktPn">(</span><a name="(def._((quote._~23~25kernel)._current-security-guard))"></a><span title="Provided from: racket/base, racket | Package: base"><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._current-security-guard%29%29" class="RktValDef RktValLink" data-pltdoc="x">current-security-guard</a></span></span><span class="RktPn"></span><span class="RktPn">)</span><span class="hspace">&nbsp;</span>&rarr;<span class="hspace">&nbsp;</span><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></p></blockquote></td></tr><tr><td><span class="RktPn">(</span><span title="Provided from: racket/base, racket | Package: base"><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._current-security-guard%29%29" class="RktValDef RktValLink" data-pltdoc="x">current-security-guard</a></span></span><span class="hspace">&nbsp;</span><span class="RktVar">guard</span><span class="RktPn">)</span><span class="hspace">&nbsp;</span>&rarr;<span class="hspace">&nbsp;</span><span class="RktSym"><a href="void.html#%28def._%28%28quote._~23~25kernel%29._void~3f%29%29" class="RktValLink" data-pltdoc="x">void?</a></span></td></tr><tr><td><span class="hspace">&nbsp;&nbsp;</span><span class="RktVar">guard</span><span class="hspace">&nbsp;</span>:<span class="hspace">&nbsp;</span><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></td></tr></table></blockquote></div><div class="SIntrapara">A <a href="eval-model.html#%28tech._parameter%29" class="techoutside" data-pltdoc="x"><span class="techinside">parameter</span></a> that determines the current security guard that controls
access to the filesystem and network.</div></p><div class="navsetbottom"><span class="navleft"><form class="searchform"><input class="searchbox" id="searchbox" type="text" tabindex="1" placeholder="...search manuals..." title="Enter a search string to search the manuals" onkeypress="return DoSearchKey(event, this, &quot;8.6&quot;, &quot;../&quot;);"/></form>&nbsp;&nbsp;<a href="https://docs.racket-lang.org/index.html" title="up to the documentation top" data-pltdoc="x" onclick="return GotoPLTRoot(&quot;8.6&quot;);">top</a><span class="tocsettoggle">&nbsp;&nbsp;<a href="javascript:void(0);" title="show/hide table of contents" onclick="TocsetToggle();">contents</a></span></span><span class="navright">&nbsp;&nbsp;<a href="chaperones.html" title="backward to &quot;14.5 Impersonators and Chaperones&quot;" data-pltdoc="x">&larr; prev</a>&nbsp;&nbsp;<a href="security.html" title="up to &quot;14 Reflection and Security&quot;" data-pltdoc="x">up</a>&nbsp;&nbsp;<a href="custodians.html" title="forward to &quot;14.7 Custodians&quot;" data-pltdoc="x">next &rarr;</a></span>&nbsp;</div></div></div><div id="contextindicator">&nbsp;</div></body></html>
Add racket guides 2022-09-30 11:00:09 +02:00			`<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">`
			<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"/><meta name="viewport" content="width=device-width, initial-scale=0.8"/><title>14.6 Security Guards</title><link rel="stylesheet" type="text/css" href="../scribble.css" title="default"/><link rel="stylesheet" type="text/css" href="extras.css" title="default"/><link rel="stylesheet" type="text/css" href="../racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-style.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../doc-site.css" title="default"/><script type="text/javascript" src="../scribble-common.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../doc-site.js"></script><script type="text/javascript" src="../local-redirect/local-redirect.js"></script><script type="text/javascript" src="../local-redirect/local-user-redirect.js"></script><!--[if IE 6]><style type="text/css">.SIEHidden { overflow: hidden; }</style><![endif]--></head><body id="doc-racket-lang-org"><div class="tocset"><div class="tocview"><div class="tocviewlist tocviewlisttopspace"><div class="tocviewtitle"><table cellspacing="0" cellpadding="0"><tr><td style="width: 1em;"><a href="javascript:void(0);" title="Expand/Collapse" class="tocviewtoggle" onclick="TocviewToggle(this,"tocview_0");">►</a></td><td></td><td><a href="index.html" class="tocviewlink" data-pltdoc="x">The Racket Reference</a></td></tr></table></div><div class="tocviewsublisttop" style="display: none;" id="tocview_0"><table cellspacing="0" cellpadding="0"><tr><td align="right">1 </td><td><a href="model.html" class="tocviewlink" data-pltdoc="x">Language Model</a></td></tr><tr><td align="right">2 </td><td><a href="notation.html" class="tocviewlink" data-pltdoc="x">Notation for Documentation</a></td></tr><tr><td align="right">3 </td><td><a href="syntax.html" class="tocviewlink" data-pltdoc="x">Syntactic Forms</a></td></tr><tr><td align="right">4 </td><td><a href="data.html" class="tocviewlink" data-pltdoc="x">Datatypes</a></td></tr><tr><td align="right">5 </td><td><a href="structures.html" class="tocviewlink" data-pltdoc="x">Structures</a></td></tr><tr><td align="right">6 </td><td><a href="mzlib_class.html" class="tocviewlink" data-pltdoc="x">Classes and Objects</a></td></tr><tr><td align="right">7 </td><td><a href="mzlib_unit.html" class="tocviewlink" data-pltdoc="x">Units</a></td></tr><tr><td align="right">8 </td><td><a href="contracts.html" class="tocviewlink" data-pltdoc="x">Contracts</a></td></tr><tr><td align="right">9 </td><td><a href="match.html" class="tocviewlink" data-pltdoc="x">Pattern Matching</a></td></tr><tr><td align="right">10 </td><td><a href="control.html" class="tocviewlink" data-pltdoc="x">Control Flow</a></td></tr><tr><td align="right">11 </td><td><a href="concurrency.html" class="tocviewlink" data-pltdoc="x">Concurrency and Parallelism</a></td></tr><tr><td align="right">12 </td><td><a href="Macros.html" class="tocviewlink" data-pltdoc="x">Macros</a></td></tr><tr><td align="right">13 </td><td><a href="input-and-output.html" class="tocviewlink" data-pltdoc="x">Input and Output</a></td></tr><tr><td align="right">14 </td><td><a href="security.html" class="tocviewselflink" data-pltdoc="x">Reflection and Security</a></td></tr><tr><td align="right">15 </td><td><a href="os.html" class="tocviewlink" data-pltdoc="x">Operating System</a></td></tr><tr><td align="right">16 </td><td><a href="memory.html" class="tocviewlink" data-pltdoc="x">Memory Management</a></td></tr><tr><td align="right">17 </td><td><a href="unsafe.html" class="tocviewlink" data-pltdoc="x">Unsafe Operations</a></td></tr><tr><td align="right">18 </td><td><a href="running.html" class="t
			`by <span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._make-security-guard%29%29" class="RktValLink" data-pltdoc="x">make-security-guard</a></span>, <span class="RktVal">#f</span> otherwise.</div></p><p>A <a name="(tech._security._guard)"></a><span style="font-style: italic">security guard</span> provides a set of access-checking`
			`procedures to be called when a thread initiates access of a file,`
			`directory, or network connection through a primitive procedure. For`
			`example, when a thread calls <span class="RktSym"><a href="file-ports.html#%28def._%28%28lib._racket%2Fprivate%2Fbase..rkt%29._open-input-file%29%29" class="RktValLink" data-pltdoc="x">open-input-file</a></span>, the thread’s`
			`current security guard is consulted to check whether the thread is`
			`allowed read access to the file. If access is granted, the thread`
			`receives a port that it may use indefinitely, regardless of changes to`
			`the security guard (although the port’s custodian could shut down the`
			`port; see <a href="custodians.html" data-pltdoc="x">Custodians</a>).</p><p>A thread’s current security guard is determined by the`
			`<span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._current-security-guard%29%29" class="RktValLink" data-pltdoc="x">current-security-guard</a></span> parameter. Every security guard has a`
			`parent, and a parent’s access procedures are called whenever a child’s`
			`access procedures are called. Thus, a thread cannot increase its own`
			`access arbitrarily by installing a new guard. The initial security`
			`guard enforces no access restrictions other than those enforced by the`
			host platform.</p><p><div class="SIntrapara"><blockquote class="SVInsetFlow"><table cellspacing="0" cellpadding="0" class="boxed RBoxed"><tr><td><blockquote class="SubFlow"><div class="RBackgroundLabel SIEHidden"><div class="RBackgroundLabelInner"><p>procedure</p></div></div><table cellspacing="0" cellpadding="0" class="prototype RForeground"><tr><td valign="top"><span class="RktPn">(</span><a name="(def._((quote._~23~25kernel)._make-security-guard))"></a><span title="Provided from: racket/base, racket \| Package: base"><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._make-security-guard%29%29" class="RktValDef RktValLink" data-pltdoc="x">make-security-guard</a></span></span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="RktVar">parent</span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td></tr><tr><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="RktVar">file-guard</span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td></tr><tr><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="RktVar">network-guard</span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span></td></tr><tr><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="hspace"> </span><span class="RktOpt">[</span></td><td valign="top"><span class="RktVar">link-guard</span><span class="RktOpt">]</span><span class="RktPn">)</span></td><td valign="top"><span class="hspace"> </span></td><td valign="top">→</td><td valign="top"><span class="hspace"> </span></td><td valign="top"><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></td></tr></table></blockquote></td></tr><tr><td><span class="hspace">  </span><span class="RktVar">parent</span><span class="hspace"> </span>:<span class="hspace"> </span><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></td></tr><tr><td><table cellspacing="0" cellpadding="0" class="argcontract"><tr><td valign="top"><span class="hspace">  </span></td><td valign="top"><span class="RktVar">file-guard</span></td><td valign="top"><span class="hspace"> </span></td><td valign="top">:</td><td valign="top"><span class="hspace"> </span></td><td valign="top"><table cellspacing="0" cellpadding="0" class="RktBlk"><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="symbols.html#%28def._%28%28quote._~23~25kernel%29._symbol~3f%29%29" class="RktValLink" data-pltdoc="x">symbol?</a></span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="data-structure-contracts.html#%28def._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._or%2Fc%29%29" class="RktValLink" data-pltdoc="x">or/c</a></span><span class="hspace"> </span><span class="RktSym"><a href="Manipulating_Paths.html#%28def._%28%28quote._~23~25kernel%29._path~3f%29%29" class="RktValLink" data-pltdoc="x">path?</a></span><span class="hspace"> </span><span class="RktVal">#f</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="data-str
			`check, which is useful for raising an exception to deny access.</p></li><li><p>a path (see <a href="pathutils.html" data-pltdoc="x">Paths</a>) or <span class="RktVal">#f</span> for`
			`pathless queries, such as <span class="RktPn">(</span><span class="RktSym"><a href="Filesystem.html#%28def._%28%28quote._~23~25kernel%29._current-directory%29%29" class="RktValLink" data-pltdoc="x">current-directory</a></span><span class="RktPn">)</span>,`
			<span class="RktPn">(</span><span class="RktSym"><a href="Filesystem.html#%28def._%28%28quote._~23~25kernel%29._filesystem-root-list%29%29" class="RktValLink" data-pltdoc="x">filesystem-root-list</a></span><span class="RktPn">)</span>, and <span class="RktPn">(</span><span class="RktSym"><a href="Filesystem.html#%28def._%28%28quote._~23~25kernel%29._find-system-path%29%29" class="RktValLink" data-pltdoc="x">find-system-path</a></span><span class="stt"> </span><span class="RktVar">symbol</span><span class="RktPn">)</span>. A path provided to <span class="RktVar">file-guard</span> is not expanded or
			`otherwise normalized before checking access; it may be a relative`
			`path, for example.</p></li><li><p>a list containing one or more of the following`
			`symbols:</p><ul><li><p><a name="(idx._(gentag._280._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">read</span> —<wbr></wbr> read a file or directory</p></li><li><p><a name="(idx._(gentag._281._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">write</span> —<wbr></wbr> modify or create a file or`
			directory</p></li><li><p><a name="(idx._(gentag._282._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">execute</span> —<wbr></wbr> execute a file</p></li><li><p><a name="(idx._(gentag._283._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">delete</span> —<wbr></wbr> delete a file or directory</p></li><li><p><a name="(idx._(gentag._284._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">exists</span> —<wbr></wbr> determine whether a file or
			`directory exists, or that a path string is well-formed</p></li></ul><p>The <span class="RktVal">'</span><span class="RktVal">exists</span> symbol is never combined with other symbols in`
			`the last argument to <span class="RktVar">file-guard</span>, but any other combination is`
			`possible. When the second argument to <span class="RktVar">file-guard</span> is <span class="RktVal">#f</span>,`
			`the last argument always contains only <span class="RktVal">'</span><span class="RktVal">exists</span>.</p></li></ul><p>The <span class="RktVar">network-guard</span> procedure must accept four arguments:</p><ul><li><p>a symbol for the primitive operation that triggered the access`
			`check, which is useful for raising an exception to deny access.</p></li><li><p>an immutable string representing the target hostname for a`
			`client connection or the accepting hostname for a listening server;`
			`<span class="RktVal">#f</span> for a listening server or UDP socket that accepts`
			`connections at all of the host’s address; or <span class="RktVal">#f</span> an unbound`
			`UDP socket.</p></li><li><p>an exact integer between <span class="RktVal">1</span> and <span class="RktVal">65535</span>`
			`(inclusive) representing the port number, or <span class="RktVal">#f</span> for an`
			`unbound UDP socket. In the case of a client connection, the port`
			`number is the target port on the server. For a listening server, the`
			`port number is the local port number.</p></li><li><p>a symbol, either <a name="(idx._(gentag._285._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">client</span> or`
			`<a name="(idx._(gentag._286._(lib._scribblings/reference/reference..scrbl)))"></a><span class="RktVal">'</span><span class="RktVal">server</span>, indicating whether the check is for the`
			`creation of a client connection or a listening server. The opening of`
			`an unbound UDP socket is identified as a <span class="RktVal">'</span><span class="RktVal">client</span> connection;`
			`explicitly binding the socket is identified as a <span class="RktVal">'</span><span class="RktVal">server</span>`
			`action.</p></li></ul><p>The <span class="RktVar">link-guard</span> argument can be <span class="RktVal">#f</span> or a procedure of`
			`three arguments:</p><ul><li><p>a symbol for the primitive procedure that triggered the access`
			`check, which is useful for raising an exception to deny access.</p></li><li><p>a complete path (see <a href="pathutils.html" data-pltdoc="x">Paths</a>) representing the`
			`file to create as link.</p></li><li><p>a path representing the content of the link, which may be`
			`relative the second-argument path; this path is not expanded or`
			`otherwise normalized before checking access.</p></li></ul><p>If <span class="RktVar">link-guard</span> is <span class="RktVal">#f</span>, then a default`
			`procedure is used that always raises <span class="RktSym"><a href="exns.html#%28def._%28%28lib._racket%2Fprivate%2Fbase..rkt%29._exn~3afail%29%29" class="RktValLink" data-pltdoc="x">exn:fail</a></span>.</p><p>The return value of <span class="RktVar">file-guard</span>, <span class="RktVar">network-guard</span>, or`
			`<span class="RktVar">link-guard</span> is ignored. To deny access, the procedure must`
			`raise an exception or otherwise escape from the context of the`
			`primitive call. If the procedure returns, the parent’s corresponding`
			`procedure is called on the same inputs, and so on up the chain of`
			`security guards.</p><p>The <span class="RktVar">file-guard</span>, <span class="RktVar">network-guard</span>, and`
			`<span class="RktVar">link-guard</span> procedures are invoked in the thread that called`
			`the access-checked primitive. Breaks may or may not be enabled (see`
			`<a href="breakhandler.html" data-pltdoc="x">Breaks</a>). Full continuation jumps are blocked going`
			`into or out of the <span class="RktVar">file-guard</span> or <span class="RktVar">network-guard</span> call`
			(see <a href="eval-model.html#%28part._prompt-model%29" data-pltdoc="x">Prompts, Delimited Continuations, and Barriers</a>).</p><p><div class="SIntrapara"><blockquote class="SVInsetFlow"><table cellspacing="0" cellpadding="0" class="boxed RBoxed"><tr><td><blockquote class="SubFlow"><div class="RBackgroundLabel SIEHidden"><div class="RBackgroundLabelInner"><p>parameter</p></div></div><p class="RForeground"><span class="RktPn">(</span><a name="(def._((quote._~23~25kernel)._current-security-guard))"></a><span title="Provided from: racket/base, racket \| Package: base"><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._current-security-guard%29%29" class="RktValDef RktValLink" data-pltdoc="x">current-security-guard</a></span></span><span class="RktPn"></span><span class="RktPn">)</span><span class="hspace"> </span>→<span class="hspace"> </span><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></p></blockquote></td></tr><tr><td><span class="RktPn">(</span><span title="Provided from: racket/base, racket \| Package: base"><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._current-security-guard%29%29" class="RktValDef RktValLink" data-pltdoc="x">current-security-guard</a></span></span><span class="hspace"> </span><span class="RktVar">guard</span><span class="RktPn">)</span><span class="hspace"> </span>→<span class="hspace"> </span><span class="RktSym"><a href="void.html#%28def._%28%28quote._~23~25kernel%29._void~3f%29%29" class="RktValLink" data-pltdoc="x">void?</a></span></td></tr><tr><td><span class="hspace">  </span><span class="RktVar">guard</span><span class="hspace"> </span>:<span class="hspace"> </span><span class="RktSym"><a href="securityguards.html#%28def._%28%28quote._~23~25kernel%29._security-guard~3f%29%29" class="RktValLink" data-pltdoc="x">security-guard?</a></span></td></tr></table></blockquote></div><div class="SIntrapara">A <a href="eval-model.html#%28tech._parameter%29" class="techoutside" data-pltdoc="x"><span class="techinside">parameter</span></a> that determines the current security guard that controls
			access to the filesystem and network.</div></p><div class="navsetbottom"><span class="navleft"><form class="searchform"><input class="searchbox" id="searchbox" type="text" tabindex="1" placeholder="...search manuals..." title="Enter a search string to search the manuals" onkeypress="return DoSearchKey(event, this, "8.6", "../");"/></form>  <a href="https://docs.racket-lang.org/index.html" title="up to the documentation top" data-pltdoc="x" onclick="return GotoPLTRoot("8.6");">top</a><span class="tocsettoggle">  <a href="javascript:void(0);" title="show/hide table of contents" onclick="TocsetToggle();">contents</a></span></span><span class="navright">  <a href="chaperones.html" title="backward to "14.5 Impersonators and Chaperones"" data-pltdoc="x">← prev</a>  <a href="security.html" title="up to "14 Reflection and Security"" data-pltdoc="x">up</a>  <a href="custodians.html" title="forward to "14.7 Custodians"" data-pltdoc="x">next →</a></span> </div></div></div><div id="contextindicator"> </div></body></html>