mueval 0.3.1 → 0.4
raw patch · 4 files changed
+18/−22 lines, 4 filesdep ~hint
Dependency ranges changed: hint
Files
- Mueval/Interpreter.hs +6/−5
- Mueval/Resources.hs +8/−4
- build.sh +2/−2
- mueval.cabal +2/−11
Mueval/Interpreter.hs view
@@ -2,8 +2,8 @@ module Mueval.Interpreter (interpreterSession, printInterpreterError, ModuleName) where import Language.Haskell.Interpreter.GHC (eval, newSession, reset, setImports,- setOptimizations, setUseLanguageExtensions, typeChecks,- typeOf, withSession,+ setOptimizations, setUseLanguageExtensions, setInstalledModsAreInScopeQualified,+ typeChecks, typeOf, withSession, Interpreter, InterpreterError, ModuleName, Optimizations(All)) import Control.Monad.Trans (liftIO)@@ -19,16 +19,17 @@ (exitWith $ ExitFailure 1) interpreter :: Bool -> [ModuleName] -> String -> Interpreter ()-interpreter prt modules expr = do setUseLanguageExtensions False -- Don't trust the+interpreter prt modules expr = do+ setUseLanguageExtensions False -- Don't trust the -- extensions setOptimizations All -- Maybe optimization will make -- more programs terminate. reset -- Make sure nothing is available+ setInstalledModsAreInScopeQualified False setImports modules - liftIO Mueval.Resources.limitResources- checks <- typeChecks expr+ liftIO Mueval.Resources.limitResources if checks then do if prt then do say =<< typeOf expr say "\n"
Mueval/Resources.hs view
@@ -18,16 +18,20 @@ dataSizeLimitHard, cpuTimeLimitSoft, cpuTimeLimitHard, coreSizeLimitSoft, coreSizeLimitHard, zero :: ResourceLimit totalMemoryLimitSoft = dataSizeLimitSoft totalMemoryLimitHard = dataSizeLimitHard--- These limits seem to be useless+-- These limits seem to be useless? stackSizeLimitSoft = zero stackSizeLimitHard = zero -- We allow one file to be opened, package.conf, because it is necessary. This -- doesn't seem to be security problem because it'll be opened at the module--- stage, before code ever evaluates.+-- stage, before code ever evaluates. I hope. openFilesLimitSoft = openFilesLimitHard-openFilesLimitHard = ResourceLimit 8+openFilesLimitHard = ResourceLimit 7+-- TODO: It would be nice to set these to zero, but right now Hint gets around the+-- insecurity of the GHC API by writing stuff out to a file in /tmp, so we need+-- to allow our compiled binary to do file I/O... :( But at least we can limit+-- how much we write out! fileSizeLimitSoft = fileSizeLimitHard-fileSizeLimitHard = zero+fileSizeLimitHard = ResourceLimit 590 dataSizeLimitSoft = dataSizeLimitHard dataSizeLimitHard = ResourceLimit $ 6^(12::Int) -- These should not be identical, to give the XCPU handler time to trigger
build.sh view
@@ -2,6 +2,6 @@ # Build runhaskell Setup configure --user && runhaskell Setup build && runhaskell Setup install || exit echo "\n...Single-threaded tests....\n"-./tests.sh+sh tests.sh echo "\n...Rerun the tests with multiple threads...\n"-./tests.sh +RTS -N4 -RTS --print-type+sh tests.sh +RTS -N4 -RTS --print-type
mueval.cabal view
@@ -1,5 +1,5 @@ name: mueval-version: 0.3.1+version: 0.4 license: BSD3 license-file: LICENSE@@ -16,15 +16,6 @@ on to sandbox the Haskell code. (It is much like Lambdabot's famous evaluation functionality.) .- Currently there is a major hole in Mueval: it is possible use a function- without importing it, which allows the module whitelisting to be bypassed,- and hence, unsafePerformIO and its various type-breaking friends can be used- to do arbitrary things. Mueval uses a blacklist to avoid the most naive and obvious- dangerous function imports, but this is a very weak mechanism and cannot be relied- upon.- .- Until this hole is fixed, Mueval should *not* be used on potentially hostile input.- . Mueval is currently POSIX-only. homepage: http://code.haskell.org/mubot/ @@ -37,7 +28,7 @@ Library exposed-modules: Mueval.Context, Mueval.Interpreter, Mueval.ParseArgs, Mueval.Resources- build-Depends: base, directory, mtl, unix, hint>=0.2.2, show+ build-Depends: base, directory, mtl, unix, hint>=0.2.3, show ghc-options: -Wall -static Executable mueval