Safe Haskell trust

Daniel Gorín dgorin at dc.uba.ar
Mon Mar 17 15:08:57 UTC 2014


Hi Fabian,

In general, the behavior you get from hint should be more or less the same one you would observe in ghci, the mapping being roughly:

loadModules ~~~> :load
setImports ~~~~> :module

In ghci, if you have a package installed (and is not hidden in your session), then I believe you can use :module to put any of its public modules in scope with (Safe or otherwise), am I right? If so, that should explain what you are observing…

Daniel

On 17 Mar 2014, at 14:10, Fabian Bergmark <fabian.bergmark at gmail.com> wrote:

> I downloaded aeson and modified Data.Aeson to be trustworthy and I can
> now use it with Hint and XSafe. I however stumbled upon some strange
> behavior. I use loadModules to import some modules from the same
> package, and then use setImports with a list of user provided modules.
> Some explanation about their difference would be appreciated, as the
> documentation is rather short. The modules loaded with loadModules
> seems to be checked, ie. can't import unsafe modules, but those
> imported with setImports are not, ie. the user can import unsafe
> modules.
> 
> Have I misunderstood the documentation or is this a flaw in Hint?
> 
> 2014-03-16 18:34 GMT+01:00 Edward Kmett <ekmett at gmail.com>:
>> Not directly. You can, however, make a Trustworthy module that re-exports
>> the (parts of) the Unsafe ones you want to allow yourself to use.
>> 
>> -Edward
>> 
>> 
>> On Sun, Mar 16, 2014 at 12:57 PM, Fabian Bergmark
>> <fabian.bergmark at gmail.com> wrote:
>>> 
>>> Im using the Hint library in a project where users are able to upload
>>> and run code. As I don't want them to do any IO, I run the interpreter
>>> with -XSafe. However, some packages (in my case aeson) are needed and
>>> I therefore tried marking them as trusted with ghc-pkg trust aeson.
>>> This seems to have no effect however and the interpreter fails with:
>>> 
>>> Data.Aeson: Can't be safely imported! The module itself isn't safe
>>> 
>>> Is there any way to get XSafe-like guarantees with the ability of
>>> allowing certain packages?
>>> _______________________________________________
>>> Glasgow-haskell-users mailing list
>>> Glasgow-haskell-users at haskell.org
>>> http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
>> 
>> 
> _______________________________________________
> Glasgow-haskell-users mailing list
> Glasgow-haskell-users at haskell.org
> http://www.haskell.org/mailman/listinfo/glasgow-haskell-users



More information about the Glasgow-haskell-users mailing list