[Haskell-cafe] Compiling arbitrary Haskell code

Daniil Frumin difrumin at gmail.com
Mon Oct 14 09:58:56 UTC 2013


For those who are interested (and I already chatted with Chris on IRC),
I've implemented a pastebin that is able to (among some other things) to
run arbitrary Haskell code: http://paste.hskll.org/
I've also developed a 'restricted-workers' library for managing processes
that should run in secured environment. I've described some of my endeavors
in a blog post:
http://parenz.wordpress.com/2013/07/15/interactive-diagrams-gsoc-progress-report/

Bottom line: proper restrictions are hard, the necessary tools operate on a
low level, there are some caveats too


On Sat, Oct 12, 2013 at 12:30 AM, Christopher Done <chrisdone at gmail.com>wrote:

> Is there a definitive list of things in GHC that are unsafe to
> _compile_ if I were to take an arbitrary module and compile it?
>
> E.g. off the top of my head, things that might be dangerous:
>
> * TemplateHaskell/QuasiQuotes -- obviously
> * Are rules safe?
> * #includes — I presume there's some security risk with including any old
> file?
> * FFI -- speaks for itself
>
> I'm interested in the idea of compiling Haskell code on lpaste.org,
> for core, rule firings, maybe even Th expansion, etc. When sandboxing
> code that I'm running, it's really easy if I whitelist what code is
> available (parsing with HSE, whitelisting imports, extensions). The
> problem of infinite loops or too much allocation is fairly
> straight-forwardly solved by similar techniques applied in mueval.
>
> SafeHaskell helps a lot here, but suppose that I want to also allow
> TemplateHaskell, GeneralizedNewtypeDeriving and stuff like that,
> because a lot of real code uses those. They only seem to be restricted
> to prevent cheeky messing with APIs in ways the authors of the APIs
> didn't want -- but that shouldn't necessarily be a security—in terms
> of my system—problem, should it? Ideally I'd very strictly whitelist
> which modules are allowed to be used (e.g. a version of TH that
> doesn't have runIO), and extensions, and then compile any code that
> uses them.
>
> I'd rather not have to setup a VM just to compile Haskell code safely.
> I'm willing to put some time in to investigate it, but if there's
> already previous work done for this, I'd appreciate any links.
>
> At the end of the day, there's always just supporting a subset of
> Haskell using SafeHaskell. I'm just curious about the more general
> case, for use-cases similar to my own.
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>



-- 
Sincerely yours,
-- Daniil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20131014/94865cf3/attachment.html>


More information about the Haskell-Cafe mailing list