[Haskell-cafe] More on the random idea

Andrew Coppin andrewcoppin at btinternet.com
Sun May 27 04:15:52 EDT 2007


Donald Bruce Stewart wrote:
> claus.reinke:
>   
>>> The #haskell people have been working on this for about 3 years now.
>>> The result is the 'runplugs' program, which I've talked about in
>>> previous mails.
>>>
>>>   http://www.cse.unsw.edu.au/~dons/code/lambdabot/scripts/RunPlugs.hs
>>>
>>> It uses hs-plugins for the evaluation, along with the points about IO
>>> prevention via type checking, resource limits controlled by the OS,
>>> language extension preventions, and a trusted (audited) module base.
>>>       
>> great! and since it is presumably in daily use, there is both pressure to
>> fix holes as soon as they are discovered, and ongoing discovery in a
>> safe (or at least friendly) environment.
>>     
>
> I've listed the mechanisms we use, and exploits that have been thought
> of, or discovered, over the years, on the page:
>
>     http://haskell.org/haskellwiki/Safely_running_untrusted_Haskell_code
>   

I'm liking where this is going... ;-)

Personally, I would think that denying access to "dangerous" functions - 
or better yet, only allowing access to obviously "safe" functions - 
would be one half the problem, and using OS constraints to enforce 
resource limits would be the other half. But then, I'm no expert, so 
perhaps I've missed something...
