[Haskell-cafe] More on the random idea
Andrew Coppin
andrewcoppin at btinternet.com
Sat May 26 05:59:10 EDT 2007
Since the online lambdabot still doesn't seem to want to talk to me,
I've been thinking about how I might rectify the situation...
Apparently GHC has a flag that makes it execute a Haskell expression
directly. For example,
C:\> ghc -e "map (2*) [1,2,3]"
[2,4,6]
Now, if I could just figure out how to make a web server call GHC... I'm
laughing!
Oh, but there is the *minor* detail that I am literally allowing
unauthenticated users to perform arbitrary code execution. For example,
C:\> ghc -e "writeFile \"Test.txt\" \"Hi mum!\""
(Generates a file on my harddrive "Test.txt" containing the text "Hi mum!".)
AFAIK, Lambdabot dissalows any expression that performs IO. In Haskell,
this is beautifully easy: reject any expression having an IO type. And
it seems that GHC accepts not just an *expression*, but a *command*. In
particular, this works:
C:\> ghc -e ":t writeFile \"Test.txt\" \"Hi mum!\""
writeFile "Test.txt" "Hi mum!" :: IO ()
However, when you consider that the result type could be "IO ()" or "IO
String" or "IO [Either (Maybe Int, (String, Bool)) [Either (Int ->
String) (Complex Integer)]]", and the expression itself may well contain
the "::" sequence... you see we have a nontrivial parsing task here!
(Get the parsing wrong and somebody might be able to do Evil Things to
the box.)
The other possibility is to somehow run GHC under a user context that
doesn't *have* write access to anything on the filesystem. That way
there is no margin for error.
This leaves only the problem of how to make a web server call GHC. I can
think of a number of possibilities.
- Write my own HTTP server from scratch. (Not keen...)
- Configure Apache to do it. (Is that physically possible?)
- Use Apache and some bizzare Perl scripting to do the actual call.
(Assuming *that* is possible.)
- Use Apache and some Perl scripts to write the data to a text file, and
write a small Haskell program to poll the filesystem waiting for request
files to appear, run then though GHC, and put the result back into a
file. Write another Perl script to slurp up the result and send it back
to the caller.
- Doesn't Java have a free HTTP server implementation? Maybe I could use
that...
- ...others?
(I'm not sure why this should be, but it seems that Don has made several
replies to my emails that didn't show up in my inbox, and only show up
on the list archives. Oh well, anyway...)
I lurk on the POV-Ray NNTP server, and we recently had quite a
discussion about Haskell. I'd *love* to be able to say to people "hey,
you don't even need to bother working out how to install GHC, just CLICK
THIS LINK and you can play with Haskell instantly!" But at the moment
I'm not entirely sure how to set this up. Ideas?
More information about the Haskell-Cafe
mailing list