Donald Bruce Stewart wrote:
claus.reinke:
The #haskell people have been working on this for about 3 years now.
The result is the 'runplugs' program, which I've talked about in
previous mails.

  http://www.cse.unsw.edu.au/~dons/code/lambdabot/scripts/RunPlugs.hs

It uses hs-plugins for the evaluation, along with the points about IO
prevention via type checking, resource limits controlled by the OS,
language extension preventions, and a trusted (audited) module base.
great! and since it is presumably in daily use, there is both pressure to
fix holes as soon as they are discovered, and ongoing discovery in a
safe (or at least friendly) environment.

I've listed the mechanisms we use, and exploits that have been thought
of, or discovered, over the years, on the page:

    http://haskell.org/haskellwiki/Safely_running_untrusted_Haskell_code

I'm liking where this is going... ;-)

Personally, I would think that denying access to "dangerous" functions - or better yet, only allowing access to obviously "safe" functions - would be one half the problem, and using OS constraints to enforce resource limits would be the other half. But then, I'm no expert, so perhaps I've missed something...

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
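
An added example, not part of the thread and not code from RunPlugs.hs: a sketch of the "trusted module base" and "IO prevention via type checking" points, screening a submission before it is compiled. The allowlist, the banned-token list, the module name `Untrusted` and all function names are assumptions made for illustration; OS resource limits are not shown.

```haskell
import Data.Char (isSpace)
import Data.List (isInfixOf)

-- Assumed allowlist; a real deployment audits every module it exposes.
trusted :: [String]
trusted = ["Data.Char", "Data.List", "Data.Maybe"]

-- Text that bypasses the type-level IO barrier or changes the language
-- (illustrative, not exhaustive).
banned :: [String]
banned = ["unsafePerformIO", "unsafeInterleaveIO", "unsafeCoerce", "{-#"]

-- Reject banned text anywhere in the submission.
checkText :: String -> Either String ()
checkText s = case filter (`isInfixOf` s) banned of
  []    -> Right ()
  (b:_) -> Left ("banned token: " ++ b)

-- Accept only "import [qualified] M ..." where M is on the allowlist.
checkImport :: String -> Either String ()
checkImport l = case filter (/= "qualified") (words l) of
  ("import" : m : _)
    | takeWhile (/= '(') m `elem` trusted -> Right ()
    | otherwise -> Left ("untrusted module: " ++ m)
  _ -> Left ("not an import line: " ++ l)

-- Build the module handed to the compiler. The expression is only ever the
-- argument of 'show', so it must be pure, showable data; an IO action has
-- no Show instance and fails to type-check.
wrap :: [String] -> String -> Either String String
wrap imports expr = do
  mapM_ checkImport imports
  checkText (unlines imports ++ expr)
  if any (`elem` "\n\r") expr || null (dropWhile isSpace expr)
    then Left "expression must be one non-empty line"
    else Right (unlines (["module Untrusted (result) where"] ++ imports
                 ++ ["result :: String", "result = show (" ++ expr ++ ")"]))

main :: IO ()
main = do
  -- Constructed sample submissions.
  let render = either ("REJECT: " ++) id
  putStrLn (render (wrap ["import Data.List (sort)"] "sort [3,1,2]"))
  putStrLn (render (wrap ["import System.IO.Unsafe"] "unsafePerformIO (readFile \"x\")"))
  -- Passes the text screen; the compiler then rejects it: no Show (IO String).
  putStrLn (render (wrap [] "readFile \"/etc/passwd\""))
```

The text screen is only a pre-filter: the third sample shows that the type check on the generated module is what actually keeps IO out, and the compile and run steps still need OS-enforced resource limits.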
