From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Delivered-To: caml-list@yquem.inria.fr Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by yquem.inria.fr (Postfix) with ESMTP id A7A1ABC48 for ; Tue, 5 Apr 2005 16:17:56 +0200 (CEST) Received: from pauillac.inria.fr (pauillac.inria.fr [128.93.11.35]) by nez-perce.inria.fr (8.13.0/8.13.0) with ESMTP id j35EHuF1005966 for ; Tue, 5 Apr 2005 16:17:56 +0200 Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id QAA32079 for ; Tue, 5 Apr 2005 16:17:55 +0200 (MET DST) Received: from furbychan.cocan.org (furbychan.cocan.org [80.68.91.176]) by nez-perce.inria.fr (8.13.0/8.13.0) with ESMTP id j35EHtmS005961 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Tue, 5 Apr 2005 16:17:55 +0200 Received: from rich by furbychan.cocan.org with local (Exim 3.35 #1 (Debian)) id 1DIosE-0003VT-00; Tue, 05 Apr 2005 15:17:46 +0100 Date: Tue, 5 Apr 2005 15:17:46 +0100 To: Alex Baretta Cc: caml-list@inria.fr Subject: Re: [Caml-list] Securely loading and running untrusted modules Message-ID: <20050405141744.GA11816@furbychan.cocan.org> References: <20050405121459.GA29378@furbychan.cocan.org> <000f01c539de$c1859fd0$0c05a8c0@PWARP> <20050405131608.GB5103@furbychan.cocan.org> <42529C01.2080609@barettadeit.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42529C01.2080609@barettadeit.com> User-Agent: Mutt/1.3.28i From: Richard Jones X-Miltered: at nez-perce with ID 42529E14.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Miltered: at nez-perce with ID 42529E13.001 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Spam: no; 0.00; caml-list:01 untrusted:01 baretta:01 ocaml:01 dynlink:01 pervasives:01 ocaml:01 dynlink:01 pervasives:01 ocamlc:01 cmo:01 cmo:01 notepad:01 securely:98 wrote:01 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on yquem.inria.fr X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled version=3.0.2 X-Spam-Level: On Tue, Apr 05, 2005 at 04:09:05PM +0200, Alex Baretta wrote: > alex@alex:~$ ocaml > Objective Caml version 3.08.2 > > # external pizza : 'a -> 'b = "%identity";; > external pizza : 'a -> 'b = "%identity" > # pizza 1 = "pasta";; > Segmentation fault Dynlink allows me to specify that modules can't use unsafe features, so such declarations wouldn't be permitted. A much more serious problem which I've just found is that _any_ module (even the empty module) seems to require Pervasives. Thus it seems to be impossible to create any OCaml code which could be loaded by Dynlink where Dynlink.allow_only does not specify "Pervasives". rich@arctor:/tmp$ rm test_module.ml rich@arctor:/tmp$ touch test_module.ml rich@arctor:/tmp$ ocamlc -c test_module.ml rich@arctor:/tmp$ ocamlobjinfo test_module.cmo File test_module.cmo Unit name: Test_module Interfaces imported: 71f888453b0f26895819460a72f07493 Pervasives f7db4d58568a6e5a2cfe62ef59a52df1 Test_module Uses unsafe features: no rich@arctor:/tmp$ ./test Dynlink: no implementation available for Pervasives Rich. -- Richard Jones, CTO Merjis Ltd. Merjis - web marketing and technology - http://merjis.com Team Notepad - intranets and extranets for business - http://team-notepad.com