On 12.10.2013 00:30, Christopher Done wrote:
Is there a definitive list of things in GHC that are unsafe to
_compile_ if I were to take an arbitrary module and compile it?
E.g. off the top of my head, things that might be dangerous:
* TemplateHaskell/QuasiQuotes -- obviously
* Are rules safe?
* #includes — I presume there's some security risk with including any old file?
* FFI -- speaks for itself
I'm interested in the idea of compiling Haskell code on lpaste.org,
for core, rule firings, maybe even Th expansion, etc. When sandboxing
code that I'm running, it's really easy if I whitelist what code is
available (parsing with HSE, whitelisting imports, extensions). The
problem of infinite loops or too much allocation is fairly
straight-forwardly solved by similar techniques applied in mueval.
Pragma GHC_OPTIONS. You can add custom preprocessor for example bash and
then interpret program as bash script. I think sandboing compiler
is a must. There are just too many handles and hooks to cater to all
possible uses. Some of them must be exploitable.
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
