[Haskell-cafe] Compiling arbitrary Haskell code

Christopher Done chrisdone
Fri Oct 11 20:30:26 UTC 2013


Is there a definitive list of things in GHC that are unsafe to
_compile_ if I were to take an arbitrary module and compile it?

E.g. off the top of my head, things that might be dangerous:

* TemplateHaskell/QuasiQuotes -- obviously
* Are rules safe?
* #includes ? I presume there's some security risk with including any old file?
* FFI -- speaks for itself

I'm interested in the idea of compiling Haskell code on lpaste.org,
for core, rule firings, maybe even Th expansion, etc. When sandboxing
code that I'm running, it's really easy if I whitelist what code is
available (parsing with HSE, whitelisting imports, extensions). The
problem of infinite loops or too much allocation is fairly
straight-forwardly solved by similar techniques applied in mueval.

SafeHaskell helps a lot here, but suppose that I want to also allow
TemplateHaskell, GeneralizedNewtypeDeriving and stuff like that,
because a lot of real code uses those. They only seem to be restricted
to prevent cheeky messing with APIs in ways the authors of the APIs
didn't want -- but that shouldn't necessarily be a security?in terms
of my system?problem, should it? Ideally I'd very strictly whitelist
which modules are allowed to be used (e.g. a version of TH that
doesn't have runIO), and extensions, and then compile any code that
uses them.

I'd rather not have to setup a VM just to compile Haskell code safely.
I'm willing to put some time in to investigate it, but if there's
already previous work done for this, I'd appreciate any links.

At the end of the day, there's always just supporting a subset of
Haskell using SafeHaskell. I'm just curious about the more general
case, for use-cases similar to my own.



More information about the Haskell-Cafe mailing list