From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (from majordomo@localhost) by pauillac.inria.fr (8.7.6/8.7.3) id GAA26141; Mon, 8 Dec 2003 06:12:28 +0100 (MET) X-Authentication-Warning: pauillac.inria.fr: majordomo set sender to owner-caml-list@pauillac.inria.fr using -f Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id GAA19282 for ; Mon, 8 Dec 2003 06:12:26 +0100 (MET) Received: from gradient.cis.upenn.edu (GRADIENT.CIS.UPENN.EDU [158.130.67.48]) by concorde.inria.fr (8.11.1/8.11.1) with ESMTP id hB85CPr27631 for ; Mon, 8 Dec 2003 06:12:26 +0100 (MET) Received: from gradient.cis.upenn.edu (pcp04129979pcs.walngs01.pa.comcast.net [68.81.45.114]) (authenticated bits=0) by gradient.cis.upenn.edu (8.12.10/8.12.9) with ESMTP id hB85CNbb023234 for ; Mon, 8 Dec 2003 00:12:24 -0500 (EST) Message-ID: <3FD40837.20203@gradient.cis.upenn.edu> Date: Mon, 08 Dec 2003 00:12:23 -0500 From: Josh Burdick User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031030 X-Accept-Language: en-us, en MIME-Version: 1.0 To: caml-list@inria.fr Subject: [Caml-list] language-based permissions? Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Loop: caml-list@inria.fr X-Spam: no; 0.00; gradient:01 permissions:01 3.05,:01 -nostdlib:01 perl's:01 foo:01 foo:01 -unsafe:01 gradient:01 pervasives:01 ocamlc:01 ocamlc:01 -nostdlib:01 pervasives:01 bin:01 Sender: owner-caml-list@pauillac.inria.fr Precedence: bulk I noticed that as of OCaml 3.05, there was a new option, "-nostdlib". It seems superficially like with this, and the "-nopervasives" option, you could do language-based security (as in the MMM web browser of yore, Java, and Perl's Safe module, among many others.) In the attached three files, it seems like "foo.ml" should only be allowed to see, and use, the primitives in "fileworld.ml" (which aren't much; this is a toy example.) If "foo.ml" tries to use anything else (as in the commented-out "print_string" line), it gets "Unbound value" errors in compiling, and can't. My question: could "foo.ml" call other primitives somehow, even though they're not linked in? Using the preprocessor, or "external" functions", maybe? (Assuming that you don't use the "-unsafe" option, of course...) Thanks, Josh Burdick jburdick@gradient.cis.upenn.edu ==> fileworld.ml <== open Pervasives let (+) = (+) let print_int = print_int ==> foo.ml <== open Fileworld let _ = (* print_string "test\n" *) print_int (2+2) ==> makescript.sh <== #!/bin/bash ocamlc -c fileworld.ml # now, this should only allow primitives in fileworld.ml to be used... ocamlc -c -nopervasives -nostdlib foo.ml # to build the final object, need to allow Pervasives to be linked in ocamlc fileworld.cmo foo.cmo ------------------- To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/ Beginner's list: http://groups.yahoo.com/group/ocaml_beginners