a runhugs sandbox?

Thu, 26 Apr 2001 10:32:29 +0200 (MET DST)

Dear all, 

I am using (run)hugs to grade students' homework:
they send some Haskell code (by email), 
this gets imported from a test program which is run by `runhugs'
(and its output is mailed back to the sender).

Now, running arbitrary programs is potentially dangerous, 
but Haskell's type system ensures that they don't do nasty IO stuff - 
as long as students don't know about unsafePerformIO. 

What is a realiable way to prohibit the usage of such functions? 
I tried the brute force method of removing share/hugs/lib/exts/* altogether, 
but runhugs somehow needs it (why?) (and Random needs it anyway).

The next thing would be to disallow any import statements in students' code.
But this would as well prohibit the import of "pure" modules (like List).

A more far reaching idea would be a "tainted" mode (a la Perl) 
for (run)hugs (and a "tainted" attribute, defined in the language).

Any thoughts?
-- 
-- Johannes Waldmann ---- http://www.informatik.uni-leipzig.de/~joe/ --
-- joe@informatik.uni-leipzig.de -- phone/fax (+49) 341 9732 204/252 --