Safe Haskell trust

Fabian Bergmark fabian.bergmark at gmail.com
Mon Mar 17 13:10:09 UTC 2014


I downloaded aeson and modified Data.Aeson to be trustworthy and I can
now use it with Hint and XSafe. I however stumbled upon some strange
behavior. I use loadModules to import some modules from the same
package, and then use setImports with a list of user provided modules.
Some explanation about their difference would be appreciated, as the
documentation is rather short. The modules loaded with loadModules
seems to be checked, ie. can't import unsafe modules, but those
imported with setImports are not, ie. the user can import unsafe
modules.

Have I misunderstood the documentation or is this a flaw in Hint?

2014-03-16 18:34 GMT+01:00 Edward Kmett <ekmett at gmail.com>:
> Not directly. You can, however, make a Trustworthy module that re-exports
> the (parts of) the Unsafe ones you want to allow yourself to use.
>
> -Edward
>
>
> On Sun, Mar 16, 2014 at 12:57 PM, Fabian Bergmark
> <fabian.bergmark at gmail.com> wrote:
>>
>> Im using the Hint library in a project where users are able to upload
>> and run code. As I don't want them to do any IO, I run the interpreter
>> with -XSafe. However, some packages (in my case aeson) are needed and
>> I therefore tried marking them as trusted with ghc-pkg trust aeson.
>> This seems to have no effect however and the interpreter fails with:
>>
>> Data.Aeson: Can't be safely imported! The module itself isn't safe
>>
>> Is there any way to get XSafe-like guarantees with the ability of
>> allowing certain packages?
>> _______________________________________________
>> Glasgow-haskell-users mailing list
>> Glasgow-haskell-users at haskell.org
>> http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
>
>


More information about the Glasgow-haskell-users mailing list