[Caml-list] Safe Caml for online teaching
From: Xavier Leroy <xavier.leroy@i...>
Subject: Re: [Caml-list] Safe Caml for online teaching
> The insertion of Caml-toplevel forms in Caml online HTML manuals could be
> attractive for beginners since it doesn't require the installation of Caml
> on the local machine.
> 
> This would require a strict control over the code that the user will want
> to be compiled and executed on the server.

François Rouaix did something along these lines to allow safe
execution of Caml applets in the MMM Web browser.  See
   http://pauillac.inria.fr/~xleroy/publi/sip-typed-applets.ps.gz
and skip the first 20 pages of maths :-)

Module thinning (removing "dangerous" functions and making "dangerous"
types abstract via signature constraints) goes a long way towards
securing the execution environment, but you are correct that some
language features, most notably "external" declarations, must be
turned off.  (In MMM, we did that via special options on the dynamic
linker Dynlink.)  

Generally speaking, language-based security is truly hard.  Even Java,
which was designed from the ground up with security in mind, didn't
get it 100% right, as shown by the various exploits published (or
unpublished :-) in the last 5 years.

An alternate or complementary approach is systems-based security: run
the toplevel in a chroot()-ed environment, on a read-only file system,
after disabling most kernel capabilities (recent versions of Linux
let you do this), etc.  No small work either.

- Xavier Leroy
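As an added illustration of the module thinning described in the message above (example code, not part of the original post; the module names SafeSys and SafeIO are hypothetical), the two techniques named there: hiding dangerous functions behind a signature constraint, and making a dangerous type abstract so that user code can only use the values handed to it.

```ocaml
(* Added example of "module thinning" in OCaml.  Nothing here is from the
   original message; SafeSys and SafeIO are hypothetical names. *)

(* 1. Removing dangerous functions via a signature constraint.
   Only the listed values are visible through SafeSys; Sys.command,
   Sys.remove, Sys.rename, ... simply do not exist in the thinned view. *)
module SafeSys : sig
  val os_type : string
  val time : unit -> float
  val word_size : int
end = Sys

(* 2. Making a dangerous type abstract.
   out_channel is abstract in the signature, so user code cannot construct
   one (no open_out is exported); the only channel it can ever write to is
   the stdout value we choose to hand out. *)
module SafeIO : sig
  type out_channel
  val stdout : out_channel
  val output_string : out_channel -> string -> unit
  val flush : out_channel -> unit
end = struct
  type out_channel = Stdlib.out_channel
  let stdout = Stdlib.stdout
  let output_string = Stdlib.output_string
  let flush = Stdlib.flush
end

(* Untrusted code typed against SafeSys and SafeIO only. *)
let () =
  SafeIO.output_string SafeIO.stdout ("running on " ^ SafeSys.os_type ^ "\n");
  SafeIO.flush SafeIO.stdout
  (* The following are rejected at type-checking time:
       SafeSys.command "ls"          -> Unbound value SafeSys.command
       SafeIO.open_out "/tmp/x"      -> Unbound value SafeIO.open_out
     The thinning only holds if the unthinned modules (Sys, Stdlib, Unix)
     are not reachable from the sandboxed toplevel at all, and, as the
     message notes, "external" declarations must be refused, since they
     bypass the module system entirely. *)
```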