proposal: add 'unsafeCoerce'
Robert Dockins
robdockins at fastmail.fm
Sat Nov 11 08:47:17 EST 2006
On Saturday 11 November 2006 03:50, Bulat Ziganshin wrote:
> Hello Donald,
>
> Saturday, November 11, 2006, 5:47:36 AM, you wrote:
> > yes! this was *critical* in lambdabot, for allowing random users to run
> > pure h98 expressions. A lot of time went in to working out the trusted
> > module import base (so not stToIo, , unsafe* and so on).
> >
> > Currently unsafe things are scattered around System.*, Data.Array.*
> > Control.*.
>
> isn't it _much_ better to use Virtual Machine to disallow bad code?
> may be yhc may provide such VM?
Well, since you bring it up, I'm currently working on this topic. Yes, you
can examine a program bytecode file and disallow FFI and primitive actions
_in that module_ pretty easily. However, if your untrusted module imports
Foreign.IO.unsafePerformIO, or Some.PathTo.unsafeCoerce, all your hard work
goes out the window.
The idea is to segregate all the unsafe code in one place so it's easy to
discriminate against it at the module level rather than at the individual
function level.
--
Rob Dockins
Talk softly and drive a Sherman tank.
Laugh hard, it's a long way to the bank.
-- TMBG
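A module-level import check of the kind Rob describes, as an added Python example that is not code from lambdabot, yhc or anyone in this thread; the trusted-module set, the made-up re-exporting module `Some.PathTo` and the sample Haskell sources are constructed for illustration. It contrasts a denylist of known-unsafe modules, which misses a re-export under an unknown path, with an allowlist of the trusted base, which rejects it, and it also flags direct `foreign import` (FFI) bindings in the module.

```python
import re

# Constructed allowlist for the example; lambdabot's real trusted import
# base is not reproduced here.
TRUSTED_MODULES = frozenset({
    "Prelude", "Data.List", "Data.Char", "Data.Maybe", "Control.Monad",
})
# A denylist of modules known to export unsafe primitives, for comparison.
UNSAFE_MODULES = frozenset({"System.IO.Unsafe", "Unsafe.Coerce"})

# Matches 'import [qualified] Mod.Name ...'; the rest of the line (as,
# hiding, explicit import list) is irrelevant to a module-level policy.
IMPORT_RE = re.compile(
    r"^\s*import\s+(?:qualified\s+)?(?P<mod>[A-Z][\w']*(?:\.[A-Z][\w']*)*)")
# Matches a foreign import declaration, i.e. a direct FFI binding.
FFI_RE = re.compile(r"^\s*foreign\s+import\b")


def imported_modules(source: str) -> list[str]:
    """Module names imported by a Haskell source text, in order."""
    return [m.group("mod") for line in source.splitlines()
            if (m := IMPORT_RE.match(line))]


def ffi_declarations(source: str) -> list[str]:
    """Lines that bind foreign functions directly in this module."""
    return [ln.strip() for ln in source.splitlines() if FFI_RE.match(ln)]


def check_denylist(source: str) -> list[str]:
    """Reject only imports of modules already known to be unsafe."""
    return [m for m in imported_modules(source) if m in UNSAFE_MODULES]


def check_allowlist(source: str) -> list[str]:
    """Reject every import outside the trusted base, plus any FFI binding."""
    bad = [m for m in imported_modules(source) if m not in TRUSTED_MODULES]
    return bad + ffi_declarations(source)


# Constructed sample modules.
BENIGN = ("module Main where\nimport Data.List (sort)\n"
          "import qualified Data.Char as C\n"
          "main = print (sort (map C.toUpper \"ab\"))\n")
DIRECT = "import Unsafe.Coerce\nx = unsafeCoerce (1 :: Int) :: Bool\n"
# Hypothetical module re-exporting unsafeCoerce under a path no denylist knows.
REEXPORT = "import qualified Some.PathTo as P\nx = P.unsafeCoerce 1 :: Bool\n"
FFI = "import Data.Maybe\nforeign import ccall \"exit\" cExit :: Int -> IO ()\n"
```

Run the checks over the four samples: the denylist passes REEXPORT and FFI, while the allowlist rejects everything except BENIGN.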