Version française
Home     About     Download     Resources     Contact us    

This site is updated infrequently. For up-to-date information, please visit the new OCaml website at

Browse thread
Securely loading and running untrusted modules
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: 2005-04-05 (18:48)
From: sejourne_kevin <sejourne_kevin@y...>
Subject: Re: [Caml-list] Securely loading and running untrusted modules
Jacques Garrigue a écrit :
> From: Richard Jones <>
>>A much more serious problem which I've just found is that _any_ module
>>(even the empty module) seems to require Pervasives.  Thus it seems to
>>be impossible to create any OCaml code which could be loaded by
>>Dynlink where Dynlink.allow_only does not specify "Pervasives".
> This is why there is a compiler option named -nopervasives.
> Basically your approach is right. If you compile the .ml files
> yourself, this is safe, as long as there is no bug in the compiler.
> Since there are certainly some, you have to follow messages on the
> list and upgrade the compiler when needed, as for any security
> issue...
> Jacques Garrigue
I can't find the way to use 'nopervasives' correctly, here is my test: :
struct Pervasives = struct
	(* Here the code steal from *)
open Pervasives;;
print_endline "hello world";;
[20:55:58 ~] ocamlc -nopervasives -o test
[20:56:25 ~] ./test
hello world
[20:56:28 ~]