On 9 November 2012 17:36, Ian Lynagh <i...@well-typed.com> wrote:
>
> Hi David,
>
> On Fri, Nov 09, 2012 at 04:34:20PM -0800, David Terei wrote:
>>
>> +  Safe Haskell, however, <emphasis>does not offer</emphasis> compilation
>> +  safety.
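
Review bot: the added sentence states that Safe Haskell does not offer compilation safety but never says what the term covers, and a few lines further down the same document still lists "Compiling and executing untrusted code" as a use case, so the two statements read as a contradiction. Suggest defining the term where it is introduced (code run by the compiler itself during compilation, for example via source pragmas that affect how the module is compiled, as this thread describes) and qualifying the use-case entry to match, e.g. "Executing untrusted code (safe compilation of untrusted source is out of scope)".
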
>
> Is this a bug? A few lines lower down the docs say that "Compiling and
> executing untrusted code" is one of the two use cases for Safe Haskell.

Well it's by design. So I'd say no :). But this doesn't really matter.
What matters is, does this problem make Safe Haskell unusable. I'd
argue no, but it is true that it complicates a lot of the use cases a
fair amount such that we should take time to address the issue.

>
> Without knowing much about it, there are two things that I would hope
> that Safe Haskell could do:
> * Provide a way to safely compile unknown code. For example, when making
>   a change to GHC or base, one might want to compile all packages on
>   hackage before and after the change.
> * Provide a way to safely evaluate unknown code. For example, lambdabot
>   and http://tryhaskell.org/ would like to be able to take an arbitrary
>   expression and evaluate it. (you could imagine similar systems which
>   could take modules rather than mere expressions). In order to do this,
>   we'd first have to compile the code.
>
> Currently it looks like, while a lot of the necessary machinery for
> these use cases may now exist in Safe Haskell, neither is actually
> possible?

The first isn't possible but we have put this outside of the scope of
Safe Haskell for now. So yes a tool like Hackager
(http://hackage.haskell.org/package/hackager) is currently unsafe to
run on your system. We as a community seem to be somewhat OK with this
though given Hackage allows anyone to upload a new package which
contains code that can be executed by people at compile time.
Obviously that's not an argument to say we can ignore the issue, just
an observation.

The second is possible but it depends on the input model. Lambdabot
and tryhaskell.org don't allow a file to be uploaded, they only allow
a single line of code to be given. As such, compilation safety is fine
since you can't pass through pragmas and affect compilation. If they
wanted to allow files to be uploaded they would need to take actions
to protect against compilation attacks which Safe Haskell doesn't help
with for now.

Cheers,
David

>
>
> Thanks
> Ian
>
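
The two input models David contrasts above, as an added illustration that is not lambdabot, tryhaskell.org or GHC code: a one-line expression is spliced into a fixed expression slot of a module the service wrote, so the user never controls the pragma area at the top of the file, whereas an uploaded file does control it. The module name `Eval`, the function names, the `/tmp` paths and the name of the preprocessor binary are my own choices for the example; `{-# OPTIONS_GHC -F -pgmF ... #-}` is the same mechanism test suites use to invoke `hspec-discover`, and it runs the named program over the source before the module body is parsed.

```haskell
-- EvalGate.hs: added example of the "single line of code" input model.
-- Not lambdabot or tryhaskell.org code; names and paths are assumptions.
module Main (main) where

import Data.List (isInfixOf)
import System.Exit (exitFailure)

-- | Reject anything that could leave the expression slot or read as a
-- pragma. A newline would let the input start a new top-level
-- declaration; "{-#" opens a pragma and "#-}" closes one. These checks
-- are defence in depth: the template below is what actually keeps the
-- input out of pragma position.
vetExpression :: String -> Either String String
vetExpression e
  | null e = Left "empty expression"
  | any (`elem` "\n\r\f") e = Left "multi-line input rejected"
  | "{-#" `isInfixOf` e || "#-}" `isInfixOf` e = Left "pragma syntax rejected"
  | otherwise = Right e

-- | The fixed module. The pragma line and the import list are ours, the
-- expression lands inside the parentheses of the last line. With -XSafe,
-- GHC refuses unsafe imports, FFI imports and Template Haskell in this
-- module, so the expression can only compute with what Prelude offers.
-- A trailing "-- comment" in the input swallows the closing parenthesis
-- and breaks the parse; it cannot reach anything outside the slot.
renderModule :: String -> String
renderModule e = unlines
  [ "{-# LANGUAGE Safe #-}"
  , "module Eval (result) where"
  , "import Prelude"
  , "result :: String"
  , "result = show (" ++ e ++ ")"
  ]

-- | Flags for the generated file. -XSafe on the command line and
-- -fpackage-trust make the safe-import checks apply to the whole
-- compile rather than only to the module that declares itself Safe.
ghcArgs :: FilePath -> [String]
ghcArgs path = ["-XSafe", "-fpackage-trust", "-c", path]

-- | What the one-line model keeps out. A whole uploaded file owns the
-- pragma block, and "-F -pgmF <program>" in an OPTIONS_GHC pragma makes
-- GHC run <program> over the source as a preprocessor before the module
-- body is parsed, i.e. before any Safe Haskell check of that body can
-- matter. This is the "compilation attack" Safe Haskell does not address.
-- (Assumed paths; the preprocessor would be whatever the uploader ships.)
untrustedUpload :: String
untrustedUpload = unlines
  [ "{-# OPTIONS_GHC -F -pgmF /tmp/attacker-preprocessor #-}"
  , "module Upload where"
  , "x :: Int"
  , "x = 1"
  ]

main :: IO ()
main = do
  line <- getLine
  case vetExpression line of
    Left err -> putStrLn ("rejected: " ++ err) >> exitFailure
    Right e -> do
      writeFile "Eval.hs" (renderModule e)
      putStrLn ("wrote Eval.hs; compile with: ghc " ++ unwords (ghcArgs "Eval.hs"))
```

Run it as `echo 'sum [1..10]' | runghc EvalGate.hs` and inspect the generated `Eval.hs`: the user text only ever appears inside `show ( ... )`, so an `OPTIONS_GHC` or `LANGUAGE` pragma typed into the expression is just an ordinary (and ignored) pragma token in the middle of a declaration, not a file-level option. The `untrustedUpload` string is there to show the contrast; a service that accepts files rather than lines would need to run GHC under OS-level isolation, because nothing in `-XSafe` stops the preprocessor pragma from executing.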

_______________________________________________
Cvs-ghc mailing list
Cvs-ghc@haskell.org
http://www.haskell.org/mailman/listinfo/cvs-ghc
