a runhugs sandbox?

Keith Wansbrough Keith.Wansbrough@cl.cam.ac.uk
Thu, 26 Apr 2001 11:16:09 +0100


> I am using (run)hugs to grade students' homework:
> they send some Haskell code (by email), 
> this gets imported from a test program which is run by `runhugs'
> (and its output is mailed back to the sender).
> 
> Now, running arbitrary programs is potentially dangerous, 
> but Haskell's type system ensures that they don't do nasty IO stuff - 
> as long as students don't know about unsafePerformIO. 
> 
> What is a realiable way to prohibit the usage of such functions? 

You might try a Unix-style way of doing it... use chroot(1) or chroot(2) to provide an environment within which the code can do what it likes, but be insulated from the rest of the system.

Just an idea.  I haven't tried it.

--KW 8-)
-- 
Keith Wansbrough <kw217@cl.cam.ac.uk>
http://www.cl.cam.ac.uk/users/kw217/
Cambridge University Computer Laboratory.