Version française
Home     About     Download     Resources     Contact us    
Browse thread
Securely loading and running untrusted modules
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: sejourne_kevin <sejourne_kevin@y...>
Subject: Re: [Caml-list] Securely loading and running untrusted modules
Jacques Garrigue a écrit :
> From: Richard Jones <rich@annexia.org>
> 
>>A much more serious problem which I've just found is that _any_ module
>>(even the empty module) seems to require Pervasives.  Thus it seems to
>>be impossible to create any OCaml code which could be loaded by
>>Dynlink where Dynlink.allow_only does not specify "Pervasives".
> 
> 
> This is why there is a compiler option named -nopervasives.
> Basically your approach is right. If you compile the .ml files
> yourself, this is safe, as long as there is no bug in the compiler.
> Since there are certainly some, you have to follow messages on the
> list and upgrade the compiler when needed, as for any security
> issue...
> 
> Jacques Garrigue
I can't find the way to use 'nopervasives' correctly, here is my test:
test.ml :
----------------
struct Pervasives = struct
	(* Here the code steal from pervasives.ml *)
end;;
open Pervasives;;
print_endline "hello world";;
----------------
[20:55:58 ~] ocamlc -nopervasives -o test test.ml
[20:56:25 ~] ./test
hello world
[20:56:28 ~]

strange....


Kévin.