The Dangers of read and eval

We’ve used both the eval and the read commands in creating a custom Lisp REPL. These commands are very powerful, but also very dangerous. Using them without taking the proper precautions might allow a hacker to attack your software by running malicious commands.

For example, suppose our program needed a function called format-harddrive. This is not a function we would want just any person to have access to, and it could be very dangerous if a hacker somehow tricked our game REPL into calling it.

The game-eval function we created earlier in this chapter has some crude safeguards to prevent a player from entering format-harddrive as a game command. Here’s what happens if we try to run this command in our new game REPL:

> (game-repl)
format-harddrive
I do not know that command.

Our game-eval function will run only commands that are in an approved list. This gives our game a sort of firewall, which lets us access the powers of Lisp to evaluate commands while still preventing the player from hacking the game.

However, there are also more sophisticated exploits players could try. For instance, they could enter walk (format-harddrive). Fortunately, our game-read function forces all function parameters into data mode by using quote-it. By using quote-it in game-read, the actual code that is executed is (walk '(format-harddrive)). The quote in front of (format-harddrive) puts the malicious command into data mode, so nothing bad can happen.

One attack method that will break our program is to use reader macros. These are an advanced set of features, built into the Common Lisp read command, that open another avenue for executing malicious computer code. (Remember that before we use eval on game commands, they first pass through read.) An example of a game command that will successfully execute evil code is walk #.(format-harddrive).

The bottom line is that you can never be sure that a Lisp program using eval or read is completely safe from a hacker. When writing production Lisp code, you should try to avoid these two commands when possible.
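The reader-macro problem described above, next to one mitigation, as an added example that is not code from the book: binding the standard variable *read-eval* to NIL makes the reader signal an error on #. instead of evaluating the form. PARSE-COMMAND, SAFE-PARSE-COMMAND and *STAND-IN-CALLED* are hypothetical names, PARSE-COMMAND is only assumed to mirror what game-read does, and FORMAT-HARDDRIVE here is a harmless stand-in that sets a flag.

```lisp
;;; Added example, not code from the book. PARSE-COMMAND, SAFE-PARSE-COMMAND
;;; and *STAND-IN-CALLED* are hypothetical names.

(defvar *stand-in-called* nil)

(defun format-harddrive ()
  "Harmless stand-in for the dangerous function named in the text."
  (setf *stand-in-called* t))

(defun quote-it (x)
  (list 'quote x))

(defun parse-command (line)
  "Read LINE as a command list and quote every argument (assumed to
mirror what game-read does, taking a string instead of calling read-line)."
  (let ((cmd (read-from-string (concatenate 'string "(" line ")"))))
    (cons (car cmd) (mapcar #'quote-it (cdr cmd)))))

(defun safe-parse-command (line)
  "PARSE-COMMAND with read-time evaluation switched off.
Returns NIL if the reader rejects LINE."
  (handler-case
      (let ((*read-eval* nil))   ; with this binding, #. signals READER-ERROR
        (parse-command line))
    ;; READER-ERROR covers #.; END-OF-FILE covers unbalanced input.
    ((or reader-error end-of-file) () nil)))

(defun demo ()
  "Run each sample line through both parsers and report whether the
stand-in function was called while the line was being read."
  (dolist (line '("walk east"
                  "walk (format-harddrive)"
                  "walk #.(format-harddrive)"))
    (format t "~&input:      ~a~%" line)
    (setf *stand-in-called* nil)
    (format t "unhardened: ~s  stand-in called: ~a~%"
            (parse-command line) *stand-in-called*)
    (setf *stand-in-called* nil)
    (format t "hardened:   ~s  stand-in called: ~a~%"
            (safe-parse-command line) *stand-in-called*)))

(demo)
```

Binding *read-eval* closes only the #. avenue; read still interns whatever symbols the input names, so the advice above about avoiding read and eval on untrusted input still applies.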
