Version française
Home     About     Download     Resources     Contact us    
Browse thread
Sandboxing in ocaml
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Christian Szegedy <szegedy@t...>
Subject: Re: [Caml-list] Sandboxing in ocaml
Jacques Garrigue wrote:

>>Is this possible in ocaml to dynamically load some (bytcode) OCaml file 
>>and run it in a safe environment, that is only using a small subset of 
>>selected functions instead of the whole Pervasives?
>>    
>>
>
>This is the intent of Dynlink.allow_only.
>Not however that allowing is done on a unit base, so if you want to
>allow only some functions in a unit, you must create a new one
>containing only those, and compile your file against those (otherwise you
>won't be able to load it).
>This is the way MMM applets are made safe.
>  
>
Excellent! This sounds exactly what I want. Can I forbid
the Pervasives unit while linking the applet?

Thanks a lot, Christian