* Sandboxing in ocaml
From: Christian Szegedy @ 2005-03-19 23:11 UTC (permalink / raw)
To: caml-list
Hello,
Is it possible in OCaml to dynamically load some (bytecode) OCaml file
and run it in a safe environment, that is, only using a small subset of
selected functions instead of the whole Pervasives?
* Re: [Caml-list] Sandboxing in ocaml
From: Jacques Garrigue @ 2005-03-19 23:56 UTC (permalink / raw)
To: szegedy; +Cc: caml-list
> Is it possible in OCaml to dynamically load some (bytecode) OCaml file
> and run it in a safe environment, that is, only using a small subset of
> selected functions instead of the whole Pervasives?
This is the intent of Dynlink.allow_only.
Note, however, that allowing is done on a unit basis, so if you want to
allow only some functions in a unit, you must create a new one
containing only those, and compile your file against those (otherwise you
won't be able to load it).
This is the way MMM applets are made safe.
Also, there is no bytecode verifier. That is, a hand-crafted bytecode
file could break the above safety. In this respect, the bytecode
interpreter does not provide real sandboxing. If you want to protect
yourself, you have to use other ways, like a certified signature
scheme. The following paper explains this approach to safety:

Xavier Leroy and Francois Rouaix. Security properties of typed
applets. In J. Vitek and C. Jensen, editors, Secure Internet
Programming - Security Issues for Mobile and Distributed Objects,
volume 1603 of Lecture Notes in Computer Science, pages
147-182. Springer-Verlag, 1999.
Jacques Garrigue
* Re: [Caml-list] Sandboxing in ocaml
From: Christian Szegedy @ 2005-03-20 22:19 UTC (permalink / raw)
To: caml-list
Jacques Garrigue wrote:
>> Is it possible in OCaml to dynamically load some (bytecode) OCaml file
>> and run it in a safe environment, that is, only using a small subset of
>> selected functions instead of the whole Pervasives?
>
> This is the intent of Dynlink.allow_only.
> Note, however, that allowing is done on a unit basis, so if you want to
> allow only some functions in a unit, you must create a new one
> containing only those, and compile your file against those (otherwise you
> won't be able to load it).
> This is the way MMM applets are made safe.

Excellent! This sounds like exactly what I want. Can I forbid
the Pervasives unit while linking the applet?
Thanks a lot, Christian
* Re: [Caml-list] Sandboxing in ocaml
From: Jacques Garrigue @ 2005-03-20 23:24 UTC (permalink / raw)
To: szegedy; +Cc: caml-list
From: Christian Szegedy <szegedy@t-online.de>
> > This is the intent of Dynlink.allow_only.
> > Note, however, that allowing is done on a unit basis, so if you want to
> > allow only some functions in a unit, you must create a new one
> > containing only those, and compile your file against those (otherwise you
> > won't be able to load it).
> > This is the way MMM applets are made safe.
> Excellent! This sounds exactly what I want. Can I forbid
> the Pervasives unit while linking the applet?
Sure: just omit it from the allowed units.
The applet should then be compiled with the -nopervasives option.
Jacques Garrigue
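The scheme Jacques describes in his two replies (a host that calls Dynlink.allow_only with a hand-made unit, and an applet compiled with -nopervasives against that unit alone), as an added example that is not code from the thread or from MMM. It is four small files shown in one listing, separated by comments; the file names, the contents of Safeapi and the ocamlfind build line are my own choices. One version note: the standard library unit is called Pervasives on the 2005-era compiler discussed here and Stdlib on OCaml 4.07 and later; the Dynlink functions used below exist in both.

```ocaml
(* Added example, not from the thread. Four files in one listing;
   names and the Safeapi surface are assumptions for illustration. *)

(* ---- safeapi.mli : the ONLY surface an applet may see ---- *)
(*
val ( + )           : int -> int -> int
val string_of_int   : int -> string
val log             : string -> unit
val register        : (unit -> unit) -> unit
val take_registered : unit -> (unit -> unit) option
*)

(* ---- safeapi.ml : compiled normally; re-exports a chosen subset ---- *)
(*
(* right-hand sides resolve to Pervasives/Stdlib, so this works on any version *)
let ( + ) = ( + )
let string_of_int = string_of_int
let log msg = print_endline ("[applet] " ^ msg)

(* an applet hands the host an entry point instead of running on load *)
let registered : (unit -> unit) option ref = ref None
let register f = registered := Some f
let take_registered () = let r = !registered in registered := None; r
*)

(* ---- host.ml : the trusted side ---- *)
let () =
  if Array.length Sys.argv < 2 then begin
    prerr_endline "usage: host <applet.cmo>"; exit 2
  end;
  let file = Sys.argv.(1) in
  (* Default value, stated explicitly: refuse any .cmo that declares
     external C primitives, which would bypass type safety. *)
  Dynlink.allow_unsafe_modules false;
  (* From here on, loaded code may reference Safeapi and nothing else:
     not Pervasives/Stdlib, not Sys, not Unix, not Dynlink itself.
     Safeapi is linked into this host, so it stays available. *)
  Dynlink.allow_only ["Safeapi"];
  begin
    try Dynlink.loadfile file with
    | Dynlink.Error err ->
        (* e.g. Unavailable_unit for an applet built without -nopervasives *)
        prerr_endline ("refusing " ^ file ^ ": " ^ Dynlink.error_message err);
        exit 1
  end;
  match Safeapi.take_registered () with
  | None -> prerr_endline "applet registered no entry point"; exit 1
  | Some run -> run ()

(* ---- applet_ok.ml : built with  ocamlc -nopervasives -c applet_ok.ml ---- *)
(*
let () =
  Safeapi.register (fun () ->
    Safeapi.log (Safeapi.string_of_int (Safeapi.( + ) 40 2)))
*)

(* ---- applet_bad.ml : built WITHOUT -nopervasives ---- *)
(*
let () = Safeapi.register (fun () -> print_endline (Sys.getenv "HOME"))
*)
(* Its code references Pervasives/Stdlib and Sys, which are outside the
   allow list, so Dynlink.loadfile raises Dynlink.Error (Unavailable_unit _)
   and the applet body never runs. *)

(* ---- build and run (ocamlfind assumed; adjust to taste) ----
   ocamlc -c safeapi.mli
   ocamlc -c safeapi.ml
   ocamlfind ocamlc -package dynlink -linkpkg safeapi.cmo host.ml -o host
   ocamlc -nopervasives -c applet_ok.ml
   ocamlc -c applet_bad.ml
   ./host applet_ok.cmo     # runs the registered entry point
   ./host applet_bad.cmo    # refused at load time
*)
```

Dynlink.allow_only is the allowlist form (Dynlink.prohibit is the denylist form; an allowlist is what you want here). The check is made against the units the .cmo's metadata says it references, together with the usual interface-CRC consistency check; as Jacques points out, there is no bytecode verifier, so a hand-crafted .cmo whose metadata lies about what its code touches is not caught by this mechanism, and the origin of the file has to be established separately, for instance by a signature.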