From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on yquem.inria.fr X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=AWL autolearn=disabled version=3.1.3 Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by yquem.inria.fr (Postfix) with ESMTP id 3B9A9BC69 for ; Tue, 29 May 2007 07:52:51 +0200 (CEST) Received: from ptb-relay03.plus.net (ptb-relay03.plus.net [212.159.14.214]) by concorde.inria.fr (8.13.6/8.13.6) with ESMTP id l4T5qo8U026967 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO) for ; Tue, 29 May 2007 07:52:50 +0200 Received: from [80.229.56.224] (helo=beast.local) by ptb-relay03.plus.net with esmtp (Exim) id 1HsudW-0005hm-0J for caml-list@inria.fr; Tue, 29 May 2007 06:52:50 +0100 From: Jon Harrop Organization: Flying Frog Consultancy Ltd. To: caml-list@inria.fr Subject: Re: [Caml-list] Sand-boxing Date: Tue, 29 May 2007 06:47:16 +0100 User-Agent: KMail/1.9.7 References: <200705290301.42600.jon@ffconsultancy.com> <465B93D5.2060207@laposte.net> <465BB62F.1060900@inria.fr> In-Reply-To: <465BB62F.1060900@inria.fr> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200705290647.17407.jon@ffconsultancy.com> X-Miltered: at concorde with ID 465BBFB2.000 by Joe's j-chkmail (http://j-chkmail . ensmp . fr)! X-Spam: no; 0.00; frisch:01 dynlink:01 model:01 ocamlc:01 well-typed:01 bytecode:01 ocaml:01 ocamlc:01 ocaml:01 lablgl:01 lablgl:01 uploading:01 fsharp:01 client's:98 smoke:98 On Tuesday 29 May 2007 06:12:15 Alain Frisch wrote: > pierre chambart wrote: > > You can use the dynlink library. > > When you load module with that, you can specify the modules that can't > > be accessed from the loaded code. > > This can catch some errors, but it is not a real security > mechanism! The "security model" relies on the assumption that the loaded > modules have been produced by ocamlc from well-typed programs that don't > use unsafe features. The bytecode interpreter does not try to protect > itself against ill-behaved code at all. But if the browser downloads the OCaml source code from the server, compiles it using ocamlc with restrictions on the client and then dynlinks it, everything should work safely? This was actually Francois Rouaix's idea. I think it will be much more user-friendly to put OCaml source code on your web server. The only problem I can think of now is malicious sites exploiting exponential type growth to hang the client's ocamlc. :-) I assume I can ban the code from accessing LablGL directly (it is unsafe) but I can allow it to access our library that uses LablGL (which is safe)? I think this is a killer idea! Instead of writing a web page in HTML, you write it in OCaml and call our library to generate a scene graph for your entire site. Incidentally, I'm uploading our vector graphics library: http://www.ffconsultancy.com/products/smoke_vector_graphics/ The Linux demos should all work now and I'm working on the free edition downloads. I'm particularly keen to know if the x86 Linux demos work because they were built in a 32-bit chroot on my AMD64... -- Dr Jon D Harrop, Flying Frog Consultancy Ltd. The F#.NET Journal http://www.ffconsultancy.com/products/fsharp_journal/?e