
On Saturday 11 November 2006 03:50, Bulat Ziganshin wrote:
> Hello Donald,
>
> Saturday, November 11, 2006, 5:47:36 AM, you wrote:
>
>> yes! this was *critical* in lambdabot, for allowing random users to run pure h98 expressions. A lot of time went into working out the trusted module import base (so not stToIo, , unsafe* and so on).
>> Currently unsafe things are scattered around System.*, Data.Array.*, Control.*.
>
> Isn't it _much_ better to use a Virtual Machine to disallow bad code? Maybe yhc may provide such a VM?

Well, since you bring it up, I'm currently working on this topic. Yes, you can examine a program bytecode file and disallow FFI and primitive actions _in that module_ pretty easily. However, if your untrusted module imports Foreign.IO.unsafePerformIO, or Some.PathTo.unsafeCoerce, all your hard work goes out the window. The idea is to segregate all the unsafe code in one place so it's easy to discriminate against it at the module level rather than at the individual function level.

-- 
Rob Dockins

Talk softly and drive a Sherman tank.
Laugh hard, it's a long way to the bank.
  -- TMBG
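
The module-level check discussed in this thread, as an added example that is not part of the original messages and is not lambdabot's or yhc's code: it vets the imports of an untrusted source file against a trusted list and fails closed on anything it cannot classify. The trusted list, the sample source and all function names are assumptions made for illustration, and the input is assumed to be plain Haskell 98 without preprocessing.

```haskell
module Main (main) where

import Data.List (isInfixOf)

-- Constructed sample allowlist; not lambdabot's actual trusted base.
trusted :: [String]
trusted = ["Prelude", "Data.Char", "Data.List", "Data.Maybe"]

-- Outcome for one statement of the untrusted source.
data Verdict = NotImport | Allowed String | Rejected String
  deriving (Eq, Show)

-- Split on newlines and ';' so "import A; import B" is two statements.
statements :: String -> [String]
statements = lines . map (\c -> if c == ';' then '\n' else c)

-- Classify a statement. Anything that mentions "import" but is not a plain
-- import of a trusted module is rejected (fail closed). That also refuses
-- "foreign import", comment tricks such as "import{-x-}M", and harmless
-- identifiers that merely contain the word, which is the safe direction.
classify :: String -> Verdict
classify stmt = case words stmt of
  ("import" : "qualified" : m : _) -> check m
  ("import" : m : _)               -> check m
  _ | "import" `isInfixOf` stmt    -> Rejected stmt
    | otherwise                    -> NotImport
  where
    check m
      | name `elem` trusted = Allowed name
      | otherwise           = Rejected name
      where name = takeWhile (/= '(') m

-- All reasons to refuse the module; an empty list means it may be loaded.
violations :: String -> [String]
violations src = [r | Rejected r <- map classify (statements src)]

-- Constructed untrusted input.
sample :: String
sample = unlines
  [ "import Data.List (sort)"
  , "import qualified Data.Char as C"
  , "import System.IO.Unsafe (unsafePerformIO)"
  , "import Prelude; import Unsafe.Coerce"
  , "foreign import ccall \"sin\" c_sin :: Double -> Double"
  ]

main :: IO ()
main = mapM_ putStrLn (violations sample)
```

The check is only as good as the allowlist: a trusted module that re-exports an unsafe function defeats it, which is the argument made above for keeping all unsafe code in one place.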