[Haskell-cafe] ANN: Mueval 0.21

Gwern Branwen gwern0 at gmail.com
Sat Jun 14 08:30:12 EDT 2008

Hiya everyone. I'd like to announce the release of a little CLI program I whipped up. It's called mueval <http://hackage.haskell.org/cgi-bin/hackage-scripts/package/mueval>.

Mueval grew out of my discontent with Lambdabot: it's really neat to be able to run expressions like this:

07:53 < ivanm> > filter (\ x -> isLetter x || x == '\t') "asdf$#$     dfs"
07:55 < lambdabot>  "asdfdfs"

But lambdabot is crufty and very difficult to install or run. IMO, we need a replacement or rewrite, but one of the things that make this difficult is that lambdabot uses hs-plugins to get that sort of evaluation functionality, and hs-plugins is half the problem. We want some sort of standalone executable which provides that functionality. Now, 'ghc -e' is obviously unsuited because there is no sandboxing, so what I've done is basically marry the GHC API (as rendered less sharp-edged by Hint) with a bunch of resource limits and sandboxing (as largely stolen from lambdabot).

The end result is an adorable little program, which you can use like this:

 bash-3.2$ mueval --expression '1*100+1'
 Expression type: (Num t) => t
 result: "101"

 bash-3.2$ mueval --expression "filter (\`notElem\` ['A'..'Z']) \"abcXsdzWEE\""
 Expression type: [Char]
 result: "\"abcsdz\""

Note that mueval will avoid all the attacks I've been able to test on it:

 bash-3.2$ mueval --expression 'let x = x in x'
 Expression type: t
 result: "mueval: Time limit exceeded

 bash-3.2$ mueval --expression "let foo = readFile \"/etc/passwd\" >>= print in foo"
 Expression type: IO ()
 result: "<IO ()>"

 bash-3.2$ mueval --module System.IO.Unsafe --expression "let foo = unsafePerformIO readFile \"/etc/passwd\" in foo"
 mueval: Unknown or untrusted module supplied! Aborting.

Anyway, it's my hope that this will be useful as an example or useful in itself for people endeavouring to fix the lambdabot situation or just in safely running code period.

You can download mueval at the usual place: <http://hackage.haskell.org/cgi-bin/hackage-scripts/package/mueval>. (There will probably be a darcs repository at some point.)

Mueval isn't feature-complete yet. The last thing I want to add is an ability to change the current user to 'mubot', which presumably the user will have set up to have access to next to nothing much like is already often done with daemons, but I haven't been able to figure out how to do this - the only suitable function I've found is 'setUID', and that requires one to be root...

SHA Fetish Ceridian Eurosat munitions MCI spies 26 M.P.R.I. ISN
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://www.haskell.org/pipermail/haskell-cafe/attachments/20080614/883cac24/attachment.bin

More information about the Haskell-Cafe mailing list