• =?ISO-8859-1?Q?Christian_K=F6stlin?= (11/11) Dec 12 2011 Hi,
• Kagamin (1/5) Dec 14 2011 I believe this is what SafeD is for.
• Timon Gehr (3/7) Dec 14 2011 SafeD eliminates the possibility of memory corruption, it does not
• deadalnix (5/14) Dec 15 2011 Nothing does expect thing that doesn't have side effect.
• Jonathan M Davis (5/6) Dec 15 2011 Actually, Haskell is a 100% purely functional language. Monads are compl...
• Timon Gehr (3/10) Dec 15 2011 Not entirely. For example:
• bearophile (4/5) Dec 14 2011 Nope. SafeD is just for "memory safety".
• Kagamin (2/2) Dec 14 2011 You can also try to run arbitrary D code at codepad.org, see
• Andrew Wiley (14/25) Dec 14 2011 om
• Kagamin (1/4) Dec 20 2011 NaCl does feature some code verification.
• Adam D. Ruppe (15/19) Dec 14 2011 This is something you should set up in the operating system. The
• mta`chrono (3/3) Dec 14 2011 Maybe you should use a VM to run your restricted applications. Or have a
• Bystroushaak (2/5) Dec 18 2011
• Manfred_Nowak (4/5) Dec 18 2011 nice: safeD -> sandbox -> VirtualBox

=?ISO-8859-1?Q?Christian_K=F6stlin?= <christian.koestlin gmail.com> writes:

Hi,

I want to restrict the access of a piece of d2-code to just some
functions I declare allowed. E.g. I would like to forbid all access
to io and prevent the program to format my hd. Or even better I would
like to tell D2 which functions of the std-libraries are allowed, all 
other functions should not be callable.

Goal would be to have a possibility to compile and let run code from 
random people (some of them perhaps evil minded), watch over the 
processes and kill them, if they take too long or use up too much memory.

Thanks in advance

Christian Köstlin

"Kagamin" <spam here.lot> writes:

 Goal would be to have a possibility to compile and let run code 
 from random people (some of them perhaps evil minded), watch 
 over the processes and kill them, if they take too long or use 
 up too much memory.

I believe this is what SafeD is for.

Timon Gehr <timon.gehr gmx.ch> writes:

On 12/14/2011 01:28 PM, Kagamin wrote:
 Goal would be to have a possibility to compile and let run code from
 random people (some of them perhaps evil minded), watch over the
 processes and kill them, if they take too long or use up too much memory.

 I believe this is what SafeD is for.

SafeD eliminates the possibility of memory corruption, it does not 
prevent the program from messing with the system.

deadalnix <deadalnix gmail.com> writes:

Le 14/12/2011 13:48, Timon Gehr a écrit :
 On 12/14/2011 01:28 PM, Kagamin wrote:
 Goal would be to have a possibility to compile and let run code from
 random people (some of them perhaps evil minded), watch over the
 processes and kill them, if they take too long or use up too much
 memory.

 I believe this is what SafeD is for.

 SafeD eliminates the possibility of memory corruption, it does not
 prevent the program from messing with the system.

Nothing does expect thing that doesn't have side effect.

So basically, the OP only want pures function. They exists in D, but I 
highly doubt you can produce anythoing usefull using only pure function.

Even haskell has non pure functions (IO monad for exemple).

Jonathan M Davis <jmdavisProg gmx.com> writes:

On Thursday, December 15, 2011 13:57:21 deadalnix wrote:
 Even haskell has non pure functions (IO monad for exemple).

Actually, Haskell is a 100% purely functional language. Monads are completely 
pure. They're _how_ Haskell manages to be pure with I/O, when every functional 
language before them had had to be impure with regards to I/O.

- Jonathan M Davis

Timon Gehr <timon.gehr gmx.ch> writes:

On 12/15/2011 06:04 PM, Jonathan M Davis wrote:
 On Thursday, December 15, 2011 13:57:21 deadalnix wrote:
 Even haskell has non pure functions (IO monad for exemple).

 Actually, Haskell is a 100% purely functional language.

Not entirely. For example: 
http://users.skynet.be/jyp/html/base/System-IO-Unsafe.html

 Monads are completely
 pure. They're _how_ Haskell manages to be pure with I/O, when every functional
 language before them had had to be impure with regards to I/O.

 - Jonathan M Davis

bearophile <bearophileHUGS lycos.com> writes:

Kagamin:

 I believe this is what SafeD is for.

Nope. SafeD is just for "memory safety".

Bye,
bearophile

"Kagamin" <spam here.lot> writes:

You can also try to run arbitrary D code at codepad.org, see 
http://codepad.org/f4b7wPhn for example.

Andrew Wiley <wiley.andrew.j gmail.com> writes:

2011/12/12 Christian K=F6stlin <christian.koestlin gmail.com>:
 Hi,

 I want to restrict the access of a piece of d2-code to just some
 functions I declare allowed. E.g. I would like to forbid all access
 to io and prevent the program to format my hd. Or even better I would
 like to tell D2 which functions of the std-libraries are allowed, all oth=

er
 functions should not be callable.

 Goal would be to have a possibility to compile and let run code from rand=

om
 people (some of them perhaps evil minded), watch over the processes and k=

ill
 them, if they take too long or use up too much memory.

 Thanks in advance

 Christian K=F6stlin

Honestly, I don't think what you're looking for is possible in *any*
statically compiled systems language. The kind of thing you're looking
for is pretty much limited to VM languages that can enforce security
restrictions at runtime.
In particular, having direct access to assembly code and the stub C
libraries for syscalls means that even if the compiler denied the user
access to a certain library, the user could write the code needed to
invoke a syscall to load that library into memory and make calls into
it, and they could bypass all safety checks if they were determined
enough.

"Kagamin" <spam here.lot> writes:

 Honestly, I don't think what you're looking for is possible in 
 *any*
 statically compiled systems language.

NaCl does feature some code verification.

"Adam D. Ruppe" <destructionator gmail.com> writes:

On Monday, 12 December 2011 at 18:48:17 UTC, Christian Köstlin 
wrote:
 Goal would be to have a possibility to compile and let run code 
 from random people (some of them perhaps evil minded), watch 
 over the processes and kill them, if they take too long or use 
 up too much memory.


This is something you should set up in the operating system. The
programming language can't do much to help here.

On the operating system, create a new limited user account for
the random people code. Limited user accounts can't format hard
drives.

Then, make sure your other files have the proper permissions so
the new user can't read/modify them. (This should mostly be done
already on any OS installation.)

You might add a disk quota to prevent them from using too much
disk space, not not give them any write access at all.


Finally, set CPU and memory limits on the user processes. In 
Linux,
see "man setrlimit" for some info.

mta`chrono <chrono mta-international.net> writes:

Maybe you should use a VM to run your restricted applications. Or have a
look a chroot, dchroot or schroot, to setup such stuff. The Programming
Language will not help you in this case!

Bystroushaak <bystrousak kitakitsune.org> writes:

Yep. Useful google dork: sandbox.

On 14.12.2011 19:55, mta`chrono wrote:
 Maybe you should use a VM to run your restricted applications. Or have a
 look a chroot, dchroot or schroot, to setup such stuff. The Programming
 Language will not help you in this case!

"Manfred_Nowak" <svv1999 hotmail.com> writes:

Bystroushaak wrote:

 Useful google dork: sandbox.

nice: safeD -> sandbox -> VirtualBox

Make a virtual machine an integral part of the compiler :-)

-manfred