IO security

[Ch. A. Herrmann]

Hi GHC users,

I'm looking for secure compile and run-time methods to ensure 
automatically that Haskell modules cannot perform particular 
IO operations. Therefore, I've got some questions that might 
be interesting for other people using GHC as well.

   o There are functions like "unsafePerformIO". How many of these
     unsafe functions exist and what are their names? Is there
     a possibility to tell GHC to reject programs in which
     such functions occur? Concerning, e.g.,  the rewrite-rule system,
     how can we prevent that these functions are applied by
     some trick, invisible by an automatic inspection of the
     source code?
 
   o Is the function "print" secure in the sense that all stuff
     it produces is restricted to go to stdout, even if strange
     sequences of control characters appear?

   o Is there a way to tell the GHC run-time system to block
     file operations or system calls coming from the
     application program, while permitting input/output
     via stdin/stdout?

Thanks in advance
--
 Christoph Herrmann