digitalmars.D.learn - Restrict access to "critical" functions

reply Christian Köstlin <christian.koestlin gmail.com> writes:
Hi,

I want to restrict the access of a piece of d2-code to just some
functions I declare allowed. E.g. I would like to forbid all access
to io and prevent the program from formatting my hd. Or even better I would
like to tell D2 which functions of the std-libraries are allowed, all 
other functions should not be callable.

Goal would be to have a possibility to compile and let run code from 
random people (some of them perhaps evil minded), watch over the 
processes and kill them, if they take too long or use up too much memory.

Thanks in advance

Christian Köstlin
Dec 12 2011
next sibling parent reply "Kagamin" <spam here.lot> writes:
> Goal would be to have a possibility to compile and let run code
> from random people (some of them perhaps evil minded), watch
> over the processes and kill them, if they take too long or use
> up too much memory.

I believe this is what SafeD is for.
Dec 14 2011
next sibling parent reply Timon Gehr <timon.gehr gmx.ch> writes:
On 12/14/2011 01:28 PM, Kagamin wrote:
>> Goal would be to have a possibility to compile and let run code from
>> random people (some of them perhaps evil minded), watch over the
>> processes and kill them, if they take too long or use up too much memory.
>
> I believe this is what SafeD is for.

SafeD eliminates the possibility of memory corruption, it does not prevent the program from messing with the system.
Dec 14 2011
next sibling parent reply deadalnix <deadalnix gmail.com> writes:
On 14/12/2011 13:48, Timon Gehr wrote:
> On 12/14/2011 01:28 PM, Kagamin wrote:
>>> Goal would be to have a possibility to compile and let run code from
>>> random people (some of them perhaps evil minded), watch over the
>>> processes and kill them, if they take too long or use up too much
>>> memory.
>>
>> I believe this is what SafeD is for.
>
> SafeD eliminates the possibility of memory corruption, it does not prevent the program from messing with the system.

Nothing does, except things that don't have side effects. So basically, the OP only wants pure functions. They exist in D, but I highly doubt you can produce anything useful using only pure functions. Even Haskell has non-pure functions (IO monad for example).
Dec 15 2011
parent Timon Gehr <timon.gehr gmx.ch> writes:
On 12/15/2011 06:04 PM, Jonathan M Davis wrote:
> On Thursday, December 15, 2011 13:57:21 deadalnix wrote:
>> Even Haskell has non-pure functions (IO monad for example).
>
> Actually, Haskell is a 100% purely functional language.

Not entirely. For example: http://users.skynet.be/jyp/html/base/System-IO-Unsafe.html

> Monads are completely
> pure. They're _how_ Haskell manages to be pure with I/O, when every functional
> language before them had had to be impure with regards to I/O.
>
> - Jonathan M Davis
Dec 15 2011
prev sibling parent Jonathan M Davis <jmdavisProg gmx.com> writes:
On Thursday, December 15, 2011 13:57:21 deadalnix wrote:
> Even Haskell has non-pure functions (IO monad for example).

Actually, Haskell is a 100% purely functional language. Monads are completely pure. They're _how_ Haskell manages to be pure with I/O, when every functional language before them had had to be impure with regards to I/O.

- Jonathan M Davis
Dec 15 2011
prev sibling parent bearophile <bearophileHUGS lycos.com> writes:
Kagamin:

> I believe this is what SafeD is for.

Nope. SafeD is just for "memory safety".

Bye,
bearophile
Dec 14 2011
prev sibling next sibling parent "Kagamin" <spam here.lot> writes:
You can also try to run arbitrary D code at codepad.org, see 
http://codepad.org/f4b7wPhn for example.
Dec 14 2011
prev sibling next sibling parent Andrew Wiley <wiley.andrew.j gmail.com> writes:
2011/12/12 Christian Köstlin <christian.koestlin gmail.com>:
> Hi,
>
> I want to restrict the access of a piece of d2-code to just some
> functions I declare allowed. E.g. I would like to forbid all access
> to io and prevent the program from formatting my hd. Or even better I would
> like to tell D2 which functions of the std-libraries are allowed, all other
> functions should not be callable.
>
> Goal would be to have a possibility to compile and let run code from random
> people (some of them perhaps evil minded), watch over the processes and kill
> them, if they take too long or use up too much memory.
>
> Thanks in advance
>
> Christian Köstlin

Honestly, I don't think what you're looking for is possible in *any* statically compiled systems language. The kind of thing you're looking for is pretty much limited to VM languages that can enforce security restrictions at runtime. In particular, having direct access to assembly code and the stub C libraries for syscalls means that even if the compiler denied the user access to a certain library, the user could write the code needed to invoke a syscall to load that library into memory and make calls into it, and they could bypass all safety checks if they were determined enough.
Dec 14 2011
prev sibling next sibling parent "Adam D. Ruppe" <destructionator gmail.com> writes:
On Monday, 12 December 2011 at 18:48:17 UTC, Christian Köstlin wrote:
> Goal would be to have a possibility to compile and let run code
> from random people (some of them perhaps evil minded), watch
> over the processes and kill them, if they take too long or use
> up too much memory.

This is something you should set up in the operating system. The programming language can't do much to help here.

On the operating system, create a new limited user account for the random people's code. Limited user accounts can't format hard drives.

Then, make sure your other files have the proper permissions so the new user can't read/modify them. (This should mostly be done already on any OS installation.)

You might add a disk quota to prevent them from using too much disk space, or not give them any write access at all.

Finally, set CPU and memory limits on the user processes. In Linux, see "man setrlimit" for some info.
Dec 14 2011
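
The CPU and memory limits from the reply above, as an added example (not code from the thread): a small C supervisor that applies `setrlimit` caps in the child before `exec` and enforces a wall-clock deadline from the parent. The names `cap` and `run_limited`, the return-code convention and the default limit values are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Lower one limit (soft and hard), never above the inherited hard limit. */
static int cap(int resource, rlim_t value) {
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0) return -1;
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_max < value) value = rl.rlim_max;
    rl.rlim_cur = rl.rlim_max = value;
    return setrlimit(resource, &rl);
}

/* Hypothetical helper: run argv[0] under CPU/memory limits and a deadline.
 * Returns the exit status (>= 0), -signo if a signal ended the child,
 * or -1000 if the supervisor itself failed. */
int run_limited(char *const argv[], rlim_t cpu_secs, rlim_t mem_bytes,
                unsigned wall_secs) {
    pid_t pid = fork();
    if (pid < 0) return -1000;
    if (pid == 0) {                      /* child: limits survive execv() */
        if (cap(RLIMIT_CPU, cpu_secs) || cap(RLIMIT_AS, mem_bytes) ||
            cap(RLIMIT_CORE, 0))
            _exit(126);                  /* could not apply limits: do not run */
        execv(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    const struct timespec tick = { 0, 20 * 1000 * 1000 };   /* 20 ms */
    int status = 0;
    for (unsigned long left = wall_secs * 50UL; ; left--) {
        pid_t done = waitpid(pid, &status, WNOHANG);
        if (done == pid) break;          /* child finished or was killed */
        if (done < 0) return -1000;
        if (left == 0) {                 /* deadline passed: kill, then reap */
            kill(pid, SIGKILL);
            if (waitpid(pid, &status, 0) < 0) return -1000;
            break;
        }
        nanosleep(&tick, NULL);
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -WTERMSIG(status);
}

int main(int argc, char **argv) {   /* constructed defaults: 2 s CPU, 256 MiB, 5 s wall */
    return argc < 2 ? 2 : run_limited(&argv[1], 2, 256UL << 20, 5) != 0;
}
```

These limits are per process and only the direct child is killed at the deadline, so a program that forks gets a fresh CPU budget in each descendant. They complement the limited account, file permissions and quota from the reply rather than replace them.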
prev sibling next sibling parent reply mta`chrono <chrono mta-international.net> writes:
Maybe you should use a VM to run your restricted applications. Or have a
look at chroot, dchroot or schroot, to set up such stuff. The Programming
Language will not help you in this case!
Dec 14 2011
parent reply Bystroushaak <bystrousak kitakitsune.org> writes:
Yep. Useful google dork: sandbox.

On 14.12.2011 19:55, mta`chrono wrote:
> Maybe you should use a VM to run your restricted applications. Or have a
> look at chroot, dchroot or schroot, to set up such stuff. The Programming
> Language will not help you in this case!
Dec 18 2011
parent "Manfred_Nowak" <svv1999 hotmail.com> writes:
Bystroushaak wrote:

> Useful google dork: sandbox.

nice: safeD -> sandbox -> VirtualBox

Make a virtual machine an integral part of the compiler :-)

-manfred
Dec 18 2011
prev sibling parent "Kagamin" <spam here.lot> writes:
> Honestly, I don't think what you're looking for is possible in *any*
> statically compiled systems language.

NaCl does feature some code verification.
Dec 20 2011