mueval: Safely evaluate Haskell expressions
Mueval is a Haskell interpreter. It uses the GHC API to evaluate arbitrary Haskell expressions. Importantly, mueval takes many precautions to defang and avoid "evil" code. It uses resource limits, whitelisted modules, special Show instances for IO, threads, changes of directory, and so on to sandbox the Haskell code. (It is much like Lambdabot's famous evaluation functionality.)
Currently there is a major hole in Mueval: it is possible to use a function without importing it, which allows the module whitelisting to be bypassed, and hence unsafePerformIO and its various type-breaking friends can be used to do arbitrary things. Mueval uses a blacklist to avoid the most naive and obvious dangerous function imports, but this is a very weak mechanism and cannot be relied upon.
Until this hole is fixed, Mueval should *not* be used on potentially hostile input.
Mueval is currently POSIX-only.
Downloads
- mueval-0.3.1.tar.gz (Cabal source package)
- Package description (as included in the package)
Versions | 0.2, 0.2.1, 0.3, 0.3.1, 0.4, 0.4.5, 0.4.6, 0.5, 0.5.1, 0.6, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7.0, 0.7.1, 0.8, 0.8.1, 0.8.2, 0.9, 0.9.1, 0.9.1.1, 0.9.1.1.2, 0.9.3, 0.9.4 |
---|---|
Dependencies | base, directory, hint (>=0.2.2), mtl, show, unix |
Tested with | ghc ==6.8.2 |
License | BSD-3-Clause |
Author | Gwern |
Maintainer | Gwern <gwern0@gmail.com> |
Category | Development, Language |
Home page | http://code.haskell.org/mubot/ |
Uploaded | by GwernBranwen at 2008-06-26T15:56:41Z |
Distributions | Arch:0.9.3, Debian:0.9.3, FreeBSD:0.9.1.1.2, NixOS:0.9.4 |
Reverse Dependencies | 5 direct, 1 indirect |
Executables | mueval |
Downloads | 27228 total (58 in the last 30 days) |
Status | Docs uploaded by user; build status unknown (no reports yet) |