English version
Accueil     À propos     Téléchargement     Ressources     Contactez-nous    

Ce site est rarement mis à jour. Pour les informations les plus récentes, rendez-vous sur le nouveau site OCaml à l'adresse ocaml.org.

Browse thread
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: 2007-05-29 (05:12)
From: Alain Frisch <Alain.Frisch@i...>
Subject: Re: [Caml-list] Sand-boxing
pierre chambart wrote:
> You can use the dynlink library.
> When you load module with that, you can specify the modules that can't
> be accessed from the loaded code.

This can catch some errors, but it is not a real security
mechanism! The "security model" relies on the assumption that the loaded
modules have been produced by ocamlc from well-typed programs that don't
use unsafe features. The bytecode interpreter does not try to protect
itself against ill-behaved code at all.