Securely loading and running untrusted modules
Date: -- (:)
From: Jacques Garrigue <garrigue@m...>
Subject: Re: [Caml-list] Securely loading and running untrusted modules
From: Richard Jones <rich@annexia.org>

> A much more serious problem which I've just found is that _any_ module
> (even the empty module) seems to require Pervasives.  Thus it seems to
> be impossible to create any OCaml code which could be loaded by
> Dynlink where Dynlink.allow_only does not specify "Pervasives".

This is why there is a compiler option named -nopervasives.
Basically your approach is right. If you compile the .ml files
yourself, this is safe, as long as there is no bug in the compiler.
Since there are certainly some, you have to follow messages on the
list and upgrade the compiler when needed, as for any security
issue...

Jacques Garrigue
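
The setup discussed in this message, as an added sketch that is not part of the original post or of either author's code: a plugin compiled with -nopervasives and loaded under a one-entry Dynlink.allow_only list. The unit name Safe_api, the file names and the ocamlfind build commands are assumptions, and the three files are shown in one block separated by comments.

```ocaml
(* ---- safe_api.ml: the only unit untrusted code may reference (hypothetical name) ---- *)
let handlers : (string, string -> string) Hashtbl.t = Hashtbl.create 8
let register name f = Hashtbl.replace handlers name f
let concat a b = a ^ b   (* re-exported: the plugin has no string operators of its own *)

(* ---- plugin.ml: untrusted source. Compile it yourself, after the host build
   below has produced safe_api.cmi; never accept a prebuilt .cmo:
     ocamlfind ocamlc -nopervasives -c plugin.ml
   With -nopervasives the initially opened standard module is skipped, so the
   unit can name only what Safe_api exports, plus built-in types and literals. ---- *)
let () = Safe_api.register "greet" (fun who -> Safe_api.concat "hello, " who)

(* ---- host.ml (bytecode build, assuming ocamlfind is installed):
     ocamlfind ocamlc -package dynlink -linkpkg safe_api.ml host.ml -o host ---- *)
let load_untrusted path =
  try
    (* Restrict the units a loaded file may reference to Safe_api alone. *)
    Dynlink.allow_only ["Safe_api"];
    Dynlink.loadfile path;
    Ok ()
  with Dynlink.Error e -> Error (Dynlink.error_message e)

let () =
  match load_untrusted "plugin.cmo" with
  | Error msg -> prerr_endline ("rejected: " ^ msg); exit 1
  | Ok () ->
    (match Hashtbl.find_opt Safe_api.handlers "greet" with
     | Some f -> print_endline (f "world")
     | None -> prerr_endline "plugin registered nothing"; exit 1)
```

A plugin whose compiled unit imports any module other than Safe_api makes Dynlink.loadfile raise Dynlink.Error, which the host reports instead of running the code.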