Thanks guys, I got lot of ideas already. I will try to implements that restricted mode.
I already implemented something that will help me to counter any infinite loops:
which can pose a problem as well.

2012/11/12 Juan Jose Garcia-Ripoll <>
Trying to precise an answer from a private email

On Mon, Nov 12, 2012 at 12:47 AM, Peter Enerccio <> wrote:
it should not be possible to break into another object's code

This is only possible through the MP package, which allows interrupting other processes. If this package is not available for your code, this is solved
or environment from other objects

The "environment" in Common Lisp is made of
1* global variable bindings
2* special variable re-bindings (as in (let ((*my-special-var* foo)) ...)
3* local variable bindings
4* object slots

You can either enforce that 1* is impossible in your code (global variables should be avoided if possible), or override all global bindings in code that runs using 2* as in (progv list-of-special-variables list-of-initial-assignments (eval user-code-to-be-evaluated)). 3* is not accessible from one running code to the other. 4* is accessible only if you provide other code with explicit references to those objects.

Since there are no pointers in Common Lisp and your DSL does not have neither "eval" nor arbitrary symbols, there is no easy way you can overcome this simple-minded security scheme. But once again, this is not something ECL specific and you might get more information either in c.l.l, in the "pro" common lisp mailing list or in the #irc channel.


Instituto de Física Fundamental, CSIC
c/ Serrano, 113b, Madrid 28006 (Spain)

Bc. Peter Vaňušanik