From: Jon Harrop <jon@ffconsultancy.com>
To: caml-list@inria.fr
Subject: Re: [Caml-list] Sand-boxing
Date: Tue, 29 May 2007 06:47:16 +0100
Message-ID: <200705290647.17407.jon@ffconsultancy.com>
In-Reply-To: <465BB62F.1060900@inria.fr>

On Tuesday 29 May 2007 06:12:15 Alain Frisch wrote:
> pierre chambart wrote:
> > You can use the dynlink library.
> > When you load a module with that, you can specify the modules that can't
> > be accessed from the loaded code.
>
> This can catch some errors, but it is not a real security
> mechanism! The "security model" relies on the assumption that the loaded
> modules have been produced by ocamlc from well-typed programs that don't
> use unsafe features. The bytecode interpreter does not try to protect
> itself against ill-behaved code at all.

But if the browser downloads the OCaml source code from the server, compiles
it using ocamlc with restrictions on the client and then dynlinks it,
everything should work safely? This was actually Francois Rouaix's idea. I
think it will be much more user-friendly to put OCaml source code on your web
server. The only problem I can think of now is malicious sites exploiting
exponential type growth to hang the client's ocamlc. :-)

I assume I can ban the code from accessing LablGL directly (it is unsafe) but
I can allow it to access our library that uses LablGL (which is safe)?

I think this is a killer idea! Instead of writing a web page in HTML, you
write it in OCaml and call our library to generate a scene graph for your
entire site.

Incidentally, I'm uploading our vector graphics library:

http://www.ffconsultancy.com/products/smoke_vector_graphics/

The Linux demos should all work now and I'm working on the free edition
downloads. I'm particularly keen to know if the x86 Linux demos work because
they were built in a 32-bit chroot on my AMD64...
--
Dr Jon D Harrop, Flying Frog Consultancy Ltd.
The F#.NET Journal
http://www.ffconsultancy.com/products/fsharp_journal/?e
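
The Dynlink restriction discussed in this message, as an added example that is not part of the original thread or of any project mentioned in it: a bytecode host that refuses units declaring externals and hides LablGL units from loaded code. The file name host.ml, the plugin path argument and the unit names in banned_units are assumptions.

```ocaml
(* host.ml: added example, not code from the thread.
   Build (bytecode): ocamlfind ocamlc -package dynlink -linkpkg host.ml -o host
   Run:              ./host plugin.cmo *)

(* Assumption: the LablGL compilation units the host links and wants to
   hide from loaded code. Adjust to the units actually linked. *)
let banned_units = [ "Raw"; "Gl"; "GlDraw"; "GlMat"; "GlMisc" ]

(* Load [path] with the restrictions in place.
   Returns [Ok ()] or [Error message]. *)
let load_restricted path =
  (* In native code allow_unsafe_modules does nothing, so a .cmxs with
     external declarations would load anyway. Refuse to run in that mode. *)
  if Dynlink.is_native then
    failwith "restricted loading is only meaningful for bytecode hosts";
  (* Reject units that declare external (C) functions. This is already the
     default; setting it states the policy explicitly. *)
  Dynlink.allow_unsafe_modules false;
  (* Loaded code that references any of these units fails to link. The
     host's own wrapper library is not listed, so it stays reachable. *)
  Dynlink.prohibit banned_units;
  try
    Dynlink.loadfile path;
    Ok ()
  with Dynlink.Error e -> Error (Dynlink.error_message e)

(* Caveat from the quoted reply: these checks read what the .cmo declares
   about itself. The bytecode is not verified, so a file that was not
   produced by ocamlc from well-typed source is not constrained by them. *)
let () =
  match Sys.argv with
  | [| _; path |] ->
    (match load_restricted path with
     | Ok () -> print_endline ("loaded " ^ path)
     | Error msg ->
       prerr_endline ("rejected " ^ path ^ ": " ^ msg);
       exit 1)
  | _ ->
    prerr_endline "usage: host PLUGIN.cmo";
    exit 2
```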