Version française
Home     About     Download     Resources     Contact us    
Browse thread
Securely loading and running untrusted modules
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Richard Jones <rich@a...>
Subject: Re: [Caml-list] Securely loading and running untrusted modules
On Tue, Apr 05, 2005 at 04:09:05PM +0200, Alex Baretta wrote:
> alex@alex:~$ ocaml
>         Objective Caml version 3.08.2
> 
> # external pizza : 'a -> 'b = "%identity";;
> external pizza : 'a -> 'b = "%identity"
> # pizza 1 = "pasta";;
> Segmentation fault

Dynlink allows me to specify that modules can't use unsafe features,
so such declarations wouldn't be permitted.

A much more serious problem which I've just found is that _any_ module
(even the empty module) seems to require Pervasives.  Thus it seems to
be impossible to create any OCaml code which could be loaded by
Dynlink where Dynlink.allow_only does not specify "Pervasives".

rich@arctor:/tmp$ rm test_module.ml 
rich@arctor:/tmp$ touch test_module.ml
rich@arctor:/tmp$ ocamlc -c test_module.ml 
rich@arctor:/tmp$ ocamlobjinfo test_module.cmo 
File test_module.cmo
  Unit name: Test_module
  Interfaces imported:
        71f888453b0f26895819460a72f07493        Pervasives
        f7db4d58568a6e5a2cfe62ef59a52df1        Test_module
  Uses unsafe features: no
rich@arctor:/tmp$ ./test
Dynlink: no implementation available for Pervasives

Rich.

-- 
Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Team Notepad - intranets and extranets for business - http://team-notepad.com