On Sat, Feb 9, 2013 at 1:12 PM, Nicholas Jefferson
<[email protected]> wrote:
>> The point of what I wrote is that you cannot run arbitrary code,
>> because the type system forbids it.
>
>
> I can see how you could think that. You are wrong, however.
>
> Haskell can run arbitrary code [1], because the type system does not forbid
> it.
>
> [1]
> http://hackage.haskell.org/packages/archive/plugins/1.5.1.3/doc/html/System-Eval-Haskell.html
Let us examine this type:
eval :: Typeable a => String -> [Import] -> IO (Maybe a)
now, if you were to call eval on an arbitrary string, you would indeed
be running that code.
HOWEVER
in the context I mentioned, our putative parser had type
parseThingy :: String -> Maybe StructuredThingy
parseThingy _cannot_ call eval, because eval has a type that ends with
IO (Maybe a). This is globally proven, unless you explicitly turn off
SafeHaskell, import System.IO.Unsafe, and deliberately call
unsafePerformIO, which in Haskell terms is the equivalent of Bruce
Willis's sandwich board scene in Die Hard With a Vengeance. This has
to be in library or app code, too: the attacker doesn't get to dictate
this.
What I hope I have shown here is that the ability to constrain
yourself locally is powerful, useful, and pretty much absent in Ruby.
cheers
mark
--
A UNIX signature isn't a return address, it's the ASCII equivalent of a
black velvet clown painting. It's a rectangle of carets surrounding a
quote from a literary giant of weeniedom like Heinlein or Dr. Who.
-- Chris Maeda
--
You received this message because you are subscribed to the Google Groups "Ruby
or Rails Oceania" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/rails-oceania?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
