caml-list - the Caml user's mailing list
From: Xavier Leroy <xavier.leroy@inria.fr>
To: Martin Jambon <m.jambon@ibcp.fr>
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] Safe Caml for online teaching
Date: Thu, 21 Feb 2002 11:59:55 +0100
Message-ID: <20020221115955.A28344@pauillac.inria.fr>
In-Reply-To: <Pine.LNX.4.33L2.0202201448590.1320-100000@pc-bioinfo1.ibcp.fr>; from m.jambon@ibcp.fr on Wed, Feb 20, 2002 at 04:15:32PM +0100

> The insertion of Caml-toplevel forms in Caml online HTML manuals could be
> attractive for beginners since it doesn't require the installation of Caml
> on the local machine.
> 
> This would require a strict control over the code that the user will want
> to be compiled and executed on the server.

François Rouaix did something along these lines to allow safe
execution of Caml applets in the MMM Web browser.  See
   http://pauillac.inria.fr/~xleroy/publi/sip-typed-applets.ps.gz
and skip the first 20 pages of maths :-)

Module thinning (removing "dangerous" functions and making "dangerous"
types abstract via signature constraints) goes a long way towards
securing the execution environment, but you are correct that some
language features, most notably "external" declarations, must be
turned off.  (In MMM, we did that via special options on the dynamic
linker Dynlink.)  

Generally speaking, language-based security is truly hard.  Even Java,
which was designed from the ground up with security in mind, didn't
get it 100% right, as shown by the various exploits published (or
unpublished :-) in the last 5 years.

An alternate or complementary approach is systems-based security: run
the toplevel in a chroot()-ed environment, on a read-only file system,
after disabling most kernel capabilities (recent versions of Linux
let you do this), etc.  No small work either.

- Xavier Leroy
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
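The "module thinning" Xavier describes above, as an added illustration that is not part of the original message or of the MMM code: a restricted signature re-exports only harmless parts of the standard library and makes the channel type abstract, so untrusted code type-checked against it cannot name `open_out`, `Sys.command` or `Unix`. The module name `Safe`, the choice of which values survive thinning, and the compile flags in the comments are assumptions for this example; it assumes OCaml 4.07 or later, where the standard library module is called `Stdlib`.

```ocaml
(* Module thinning (example, not MMM's actual code): expose a narrow
   signature over Stdlib.  Anything not listed here is invisible to
   code compiled against Safe, and out_channel is abstract so the only
   channel a client can ever reach is the stdout value we hand out. *)
module type SAFE = sig
  (* Pure computation is harmless. *)
  val ( + ) : int -> int -> int
  val ( - ) : int -> int -> int
  val ( * ) : int -> int -> int
  val ( / ) : int -> int -> int
  val ( ^ ) : string -> string -> string
  val string_of_int : int -> string

  (* Output is allowed, but only to a channel we provide.  No open_out,
     open_in, Sys, Unix or Obj are exported, and the type is abstract,
     so a client cannot construct or forge a channel of its own. *)
  type out_channel
  val stdout : out_channel
  val output_string : out_channel -> string -> unit
  val print_string : string -> unit
  val print_endline : string -> unit

  (* A thinned List: the functions listed here and nothing else. *)
  module List : sig
    val map : ('a -> 'b) -> 'a list -> 'b list
    val fold_left : ('a -> 'b -> 'a) -> 'a -> 'b list -> 'a
  end
end

(* The signature constraint does the thinning: the implementation is the
   full standard library, but clients see only SAFE. *)
module Safe : SAFE = struct
  include Stdlib
end

(* Untrusted client code, written against Safe only.  In a real setup
   (assumption) it would be compiled with -nostdlib and a load path that
   contains only safe.cmi, so that Stdlib/Sys/Unix cannot be named at all. *)
module Client = struct
  open Safe
  let sum xs = List.fold_left ( + ) 0 xs
  let () = print_endline (string_of_int (sum (List.map (fun x -> x * x) [1; 2; 3])))
  let () = output_string stdout ("done" ^ "\n")

  (* Both of these are rejected by the type-checker against Safe:
       let _ = open_out "/etc/passwd"        (* Unbound value open_out *)
       let _ = Sys.command "rm -rf /"        (* Unbound module Sys *)
     But this one is NOT caught by thinning, because "external" bypasses
     the module system and binds directly to a C primitive by name.  It is
     exactly why the message says external declarations must be refused
     (e.g. by rejecting any source containing them before compilation):
       external shell : string -> int = "caml_sys_system_command"
  *)
end
```

The thinning only controls what the OCaml type-checker lets the client name; it is sound only if the client cannot reach unthinned .cmi files and cannot write `external` (or use `Obj.magic`, which is also absent from `Safe`), which is why the message pairs it with restrictions on the dynamic linker and, as a belt-and-braces measure, OS-level confinement of the process.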



Thread overview: 8+ messages
2002-02-20 15:15 Martin Jambon
2002-02-20 15:53 ` Alain Frisch
2002-02-20 16:22   ` james woodyatt
2002-02-20 17:13     ` Martin Jambon
2002-02-20 19:16       ` Christophe Raffalli
2002-02-20 16:38   ` Martin Jambon
2002-02-20 17:35     ` Remi VANICAT
2002-02-21 10:59 ` Xavier Leroy [this message]
