From fade0f7922290c96f5ef65798df011d0d2bd4340 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Sat, 18 Mar 2017 08:02:21 -0700
Subject: Use original *packages-alist* value for auto-load. * lisplib.c (lisplib_try_load): Around the load, don't just bind *package* to the user package, but also *package-alist* to the original initialization-time list of packages. This allows auto-loading to work in sandboxed code. This has security implications: if sandboxed code can somehow trigger an error situation in an auto-load which then calls back into a handler in the sandboxed code, it then has access to the full usr and sys packages.
---
 lisplib.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lisplib.c b/lisplib.c
index cbe2de5d..93e48def 100644
--- a/lisplib.c
+++ b/lisplib.c
@@ -570,6 +570,7 @@ val lisplib_try_load(val sym)
 val saved_dyn_env = dyn_env;
 dyn_env = make_env(nil, nil, dyn_env);
 env_vbind(dyn_env, package_s, user_package);
+ env_vbind(dyn_env, package_alist_s, packages);
 funcall(fun);
 dyn_env = saved_dyn_env;
 debug_restore_state(ds);
-- cgit v1.2.3
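Review bot: The added `env_vbind(dyn_env, package_alist_s, packages);` widens what is visible for the whole dynamic extent of `funcall(fun)`, and that trust-boundary change is recorded only in the commit message, not at the call site. I would add a comment above the binding, e.g. `/* Auto-load runs with the initial package list; a handler invoked inside this extent sees usr and sys even if the triggering code was sandboxed. */`, so a later maintainer does not extend this block without noticing the exposure. The hunk also shows `dyn_env = saved_dyn_env;` only on the normal return path; whether a non-local exit from `funcall(fun)` restores the binding depends on unwinding code outside the hunk, so that is worth confirming. lisplib_try_load starts and ends outside the hunk.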