For those who are interested (and I already chatted with Chris on IRC), I've implemented a pastebin that is able (among some other things) to run arbitrary Haskell code: http://paste.hskll.org/

I've also developed a 'restricted-workers' library for managing processes that should run in a secured environment. I've described some of my endeavors in a blog post: http://parenz.wordpress.com/2013/07/15/interactive-diagrams-gsoc-progress-report/

Bottom line: proper restrictions are hard, the necessary tools operate on a low level, there are some caveats too.

On Sat, Oct 12, 2013 at 12:30 AM, Christopher Done <chrisd...@gmail.com> wrote:

> Is there a definitive list of things in GHC that are unsafe to
> _compile_ if I were to take an arbitrary module and compile it?
>
> E.g. off the top of my head, things that might be dangerous:
>
> * TemplateHaskell/QuasiQuotes -- obviously
> * Are rules safe?
> * #includes — I presume there's some security risk with including any old file?
> * FFI -- speaks for itself
>
> I'm interested in the idea of compiling Haskell code on lpaste.org,
> for core, rule firings, maybe even TH expansion, etc. When sandboxing
> code that I'm running, it's really easy if I whitelist what code is
> available (parsing with HSE, whitelisting imports, extensions). The
> problem of infinite loops or too much allocation is fairly
> straight-forwardly solved by similar techniques applied in mueval.
>
> SafeHaskell helps a lot here, but suppose that I want to also allow
> TemplateHaskell, GeneralizedNewtypeDeriving and stuff like that,
> because a lot of real code uses those. They only seem to be restricted
> to prevent cheeky messing with APIs in ways the authors of the APIs
> didn't want -- but that shouldn't necessarily be a security—in terms
> of my system—problem, should it? Ideally I'd very strictly whitelist
> which modules are allowed to be used (e.g. a version of TH that
> doesn't have runIO), and extensions, and then compile any code that
> uses them.
>
> I'd rather not have to set up a VM just to compile Haskell code safely.
> I'm willing to put some time in to investigate it, but if there's
> already previous work done for this, I'd appreciate any links.
>
> At the end of the day, there's always just supporting a subset of
> Haskell using SafeHaskell. I'm just curious about the more general
> case, for use-cases similar to my own.
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>

--
Sincerely yours,
-- Daniil
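
The whitelisting step described in the quoted question (parse with HSE, then allow only listed imports and extensions), as an added example that is not part of either message or of lpaste/paste.hskll.org. It assumes the haskell-src-exts package with its annotated AST; the allowlists, the function name `violations` and the sample module are constructed for illustration.

```haskell
module Main (main) where

import Language.Haskell.Exts

-- Constructed policy (assumption): what the paste service permits.
allowedExts, allowedMods :: [String]
allowedExts = ["BangPatterns", "TupleSections"]
allowedMods = ["Prelude", "Data.List", "Data.Char"]

-- | Policy violations found in a module's source. An empty list means the
-- source may be handed to the compiler. Anything HSE cannot parse is
-- rejected (fail closed) rather than passed through unchecked.
violations :: String -> [String]
violations src = case parseFileContents src of
  ParseFailed loc msg -> ["rejected, parse failed at " ++ show loc ++ ": " ++ msg]
  ParseOk (Module _ _ pragmas imports _) ->
    concatMap pragma pragmas ++ concatMap imp imports
  ParseOk _ -> ["rejected, not a plain Haskell module"]
 where
  -- LANGUAGE pragmas: every named extension must be on the allowlist.
  pragma (LanguagePragma _ ns) =
    [ "extension not allowed: " ++ n | n <- map nameStr ns, n `notElem` allowedExts ]
  -- OPTIONS pragmas change compiler flags from inside the file: refuse all.
  pragma (OptionsPragma _ _ opts) = ["OPTIONS pragma not allowed:" ++ opts]
  pragma AnnModulePragma{} = ["ANN pragma not allowed"]
  -- Imports: the module must be allowlisted, with no package qualifier.
  imp d =
    let ModuleName _ m = importModule d
    in [ "import not allowed: " ++ m | m `notElem` allowedMods ]
       ++ [ "package-qualified import not allowed: " ++ m | importPkg d /= Nothing ]
  nameStr (Ident _ s)  = s
  nameStr (Symbol _ s) = s

-- Constructed sample input: one disallowed extension, one OPTIONS pragma,
-- one allowed import and one disallowed import.
sample :: String
sample = unlines
  [ "{-# LANGUAGE TemplateHaskell, BangPatterns #-}"
  , "{-# OPTIONS_GHC -O2 #-}"
  , "module Paste where"
  , "import Data.List (sort)"
  , "import System.IO.Unsafe (unsafePerformIO)"
  , "main = print (sort [3,1,2])"
  ]

main :: IO ()
main = mapM_ putStrLn (violations sample)
```

This covers only the import and extension allowlist; it does not bound compile time or memory, and it relies on HSE and GHC reading the file the same way, so compiler flags supplied outside the source have to be fixed by the service as well.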