From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by yquem.inria.fr (Postfix) with ESMTP id 7C6AABC48 for ; Tue, 5 Apr 2005 20:48:54 +0200 (CEST) Received: from pauillac.inria.fr (pauillac.inria.fr [128.93.11.35]) by concorde.inria.fr (8.13.0/8.13.0) with ESMTP id j35Imr0P014254 for ; Tue, 5 Apr 2005 20:48:53 +0200 Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id UAA09348 for ; Tue, 5 Apr 2005 20:48:53 +0200 (MET DST) Received: from smtp003.mail.ukl.yahoo.com (smtp003.mail.ukl.yahoo.com [217.12.11.34]) by nez-perce.inria.fr (8.13.0/8.13.0) with SMTP id j35Imq39008733 for ; Tue, 5 Apr 2005 20:48:53 +0200 Received: from unknown (HELO ?83.114.98.162?) (sejourne?kevin@83.114.98.162 with plain) by smtp003.mail.ukl.yahoo.com with SMTP; 5 Apr 2005 18:48:52 -0000 Message-ID: <4252FBF5.1030509@yahoo.fr> Date: Tue, 05 Apr 2005 20:58:29 +0000 From: sejourne_kevin User-Agent: Mozilla Thunderbird 1.0 (X11/20050116) X-Accept-Language: fr, en MIME-Version: 1.0 To: Jacques Garrigue Cc: caml-list@inria.fr Subject: Re: [Caml-list] Securely loading and running untrusted modules References: <20050405131608.GB5103@furbychan.cocan.org> <42529C01.2080609@barettadeit.com> <20050405141744.GA11816@furbychan.cocan.org> <20050405.233631.126985691.garrigue@math.nagoya-u.ac.jp> In-Reply-To: <20050405.233631.126985691.garrigue@math.nagoya-u.ac.jp> X-Enigmail-Version: 0.90.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Miltered: at concorde with ID 4252DD95.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Miltered: at nez-perce with ID 4252DD94.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Spam: no; 0.00; caml-list:01 untrusted:01 pervasives:01 ocaml:01 dynlink:01 dynlink:01 pervasives:01 compiler:01 bug:01 compiler:01 struct:01 struct:01 endline:01 ocamlc:01 securely:98 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on yquem.inria.fr X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled version=3.0.2 X-Spam-Level: Jacques Garrigue a écrit : > From: Richard Jones > >>A much more serious problem which I've just found is that _any_ module >>(even the empty module) seems to require Pervasives. Thus it seems to >>be impossible to create any OCaml code which could be loaded by >>Dynlink where Dynlink.allow_only does not specify "Pervasives". > > > This is why there is a compiler option named -nopervasives. > Basically your approach is right. If you compile the .ml files > yourself, this is safe, as long as there is no bug in the compiler. > Since there are certainly some, you have to follow messages on the > list and upgrade the compiler when needed, as for any security > issue... > > Jacques Garrigue I can't find the way to use 'nopervasives' correctly, here is my test: test.ml : ---------------- struct Pervasives = struct (* Here the code steal from pervasives.ml *) end;; open Pervasives;; print_endline "hello world";; ---------------- [20:55:58 ~] ocamlc -nopervasives -o test test.ml [20:56:25 ~] ./test hello world [20:56:28 ~] strange.... Kévin.