
Donald Bruce Stewart wrote:
claus.reinke:
The #haskell people have been working on this for about 3 years now. The result is the 'runplugs' program, which I've talked about in previous mails.
http://www.cse.unsw.edu.au/~dons/code/lambdabot/scripts/RunPlugs.hs
It uses hs-plugins for the evaluation, along with the points about IO prevention via type checking, resource limits controlled by the OS, language extension preventions, and a trusted (audited) module base.
great! and since it is presumably in daily use, there is both pressure to fix holes as soon as they are discovered, and ongoing discovery in a safe (or at least friendly) environment.
I've listed the mechanisms we use, and exploits that have been thought of, or discovered, over the years, on the page:
http://haskell.org/haskellwiki/Safely_running_untrusted_Haskell_code
I'm liking where this is going... ;-) Personally, I would think that denying access to "dangerous" functions - or better yet, only allowing access to obviously "safe" functions - would be one half of the problem, and using OS constraints to enforce resource limits would be the other half. But then, I'm no expert, so perhaps I've missed something...
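The "OS constraints" half of that split, as an added example that is not runplugs' or lambdabot's own code: a supervisor that runs the evaluator in a child process under setrlimit caps and a wall-clock backstop. A Python child stands in for the Haskell evaluator so the example runs offline, and the limit values are constructed for the illustration, not taken from the wiki page.

```python
import resource
import subprocess
import sys

# Constructed limits for the illustration (not the values runplugs uses).
CPU_SECONDS = 1                        # CPU time before SIGXCPU
ADDRESS_SPACE_BYTES = 512 * 1024 * 1024  # virtual memory cap
OUTPUT_BYTES = 64 * 1024               # largest file the child may write
WALL_CLOCK_SECONDS = 5                 # backstop for sleeping/blocked children


def _lower(limit, value):
    """Set soft and hard limit to `value`, never above the existing hard cap."""
    _soft, hard = resource.getrlimit(limit)
    if hard != resource.RLIM_INFINITY and hard < value:
        value = hard
    resource.setrlimit(limit, (value, value))


def _apply_limits():
    # Runs in the child between fork and exec, so the caps bind the
    # evaluator only, not the supervising process.
    _lower(resource.RLIMIT_CPU, CPU_SECONDS)
    _lower(resource.RLIMIT_AS, ADDRESS_SPACE_BYTES)
    _lower(resource.RLIMIT_FSIZE, OUTPUT_BYTES)


def run_limited(code, wall_clock=WALL_CLOCK_SECONDS):
    """Evaluate `code` in a resource-limited child.

    Returns (status, text): status is 'ok' (clean exit, text is stdout),
    'killed' (signal or wall-clock timeout) or 'error' (non-zero exit,
    text is stderr).
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", code],   # -I: isolated stand-in evaluator
            capture_output=True, text=True, stdin=subprocess.DEVNULL,
            timeout=wall_clock, preexec_fn=_apply_limits,
        )
    except subprocess.TimeoutExpired:
        return "killed", ""                       # run() already killed the child
    if proc.returncode == 0:
        return "ok", proc.stdout
    if proc.returncode < 0:
        return "killed", proc.stdout              # terminated by a signal (e.g. SIGXCPU)
    return "error", proc.stderr


if __name__ == "__main__":
    print(run_limited("print(2 + 2)"))            # ('ok', '4\n')
    print(run_limited("while True: pass"))        # ('killed', '')
    print(run_limited("x = bytearray(10**9)"))   # ('error', ...) MemoryError
```

The CPU-hog and the 1 GB allocation are stopped by the kernel, not by anything the supervisor inspects in the source, which is exactly why this half complements, rather than replaces, the type-based IO prevention.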