Re: [Caml-list] Sandboxing in ocaml

Mailing list for all users of the OCaml language and system.
 help / color / mirror / Atom feed

From: Jacques Garrigue <garrigue@math.nagoya-u.ac.jp>
To: szegedy@t-online.de
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] Sandboxing in ocaml
Date: Sun, 20 Mar 2005 08:56:49 +0900 (JST)	[thread overview]
Message-ID: <20050320.085649.30145338.garrigue@math.nagoya-u.ac.jp> (raw)
In-Reply-To: <423CB1BB.5080906@t-online.de>

> Is this possible in ocaml to dynamically load some (bytcode) OCaml file 
> and run it in a safe environment, that is only using a small subset of 
> selected functions instead of the whole Pervasives?

This is the intent of Dynlink.allow_only.
Not however that allowing is done on a unit base, so if you want to
allow only some functions in a unit, you must create a new one
containing only those, and compile your file against those (otherwise you
won't be able to load it).
This is the way MMM applets are made safe.

Also, there is no bytecode verifier. That is, a hand-crafted bytecode
file could break the above safety. In this respect, the bytecode
interpreter does not provide real sandboxing. If you want to protect
yourself, you have to use other ways, like a certified signature
scheme. The following paper explains this strategy to safety:
 Xavier Leroy and Francois Rouaix. Security properties of typed
 applets. In J. Vitek and C. Jensen, editors, Secure Internet
 Programming - Security issues for Mobile and Distributed Objects,
 volume 1603 of  Lecture Notes in Computer Science, pages
 147-182. Springer-Verlag, 1999. 

Jacques Garrigue

next prev parent reply	other threads:[~2005-03-19 23:57 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-03-19 23:11 Christian Szegedy
2005-03-19 23:56 ` Jacques Garrigue [this message]
2005-03-20 22:19   ` [Caml-list] " Christian Szegedy
2005-03-20 23:24     ` Jacques Garrigue

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050320.085649.30145338.garrigue@math.nagoya-u.ac.jp \
    --to=garrigue@math.nagoya-u.ac.jp \
    --cc=caml-list@inria.fr \
    --cc=szegedy@t-online.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox