Restrict access to "critical" functions

Andrew Wiley wiley.andrew.j at gmail.com
Wed Dec 14 09:10:46 PST 2011


2011/12/12 Christian Köstlin <christian.koestlin at gmail.com>:
> Hi,
>
> I want to restrict the access of a piece of D2 code to just some
> functions I declare allowed. E.g. I would like to forbid all access
> to io and prevent the program from formatting my hd. Or even better I would
> like to tell D2 which functions of the std libraries are allowed; all other
> functions should not be callable.
>
> The goal would be to have a possibility to compile and run code from random
> people (some of them perhaps evil minded), watch over the processes and kill
> them if they take too long or use up too much memory.
>
> Thanks in advance
>
> Christian Köstlin

Honestly, I don't think what you're looking for is possible in *any*
statically compiled systems language. The kind of thing you're looking
for is pretty much limited to VM languages that can enforce security
restrictions at runtime.

In particular, having direct access to assembly code and the stub C
libraries for syscalls means that even if the compiler denied the user
access to a certain library, the user could write the code needed to
invoke a syscall to load that library into memory and make calls into
it, and they could bypass all safety checks if they were determined
enough.
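The reply above makes the point that a restriction enforced only by the compiler cannot hold against code that can reach the syscall layer directly, so the supervision the original question describes (watch the process, kill it if it runs too long or uses too much memory) has to be enforced by the operating system rather than by the language. The following Python supervisor is an added example written for this thread, not code from either poster or from the D project. It assumes Linux (where `RLIMIT_AS` is honoured), assumes the untrusted program has already been compiled to an executable, and uses small Python one-liners as stand-ins for that executable so it runs offline. It applies CPU-time and address-space limits via `resource.setrlimit` in the child before `exec`, enforces a wall-clock timeout from the parent, and kills the whole process group so the untrusted program cannot escape by forking. It covers only time and memory; restricting file or network access would need an additional OS mechanism such as a container or seccomp filter, which this example does not implement.

```python
import os
import resource
import signal
import subprocess
import sys
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class RunResult:
    # outcome is one of: "ok", "error", "signal", "timeout"
    outcome: str
    returncode: Optional[int]
    stdout: str
    stderr: str


def _apply_limits(cpu_seconds: int, memory_bytes: int) -> None:
    """Runs in the child after fork() and before exec(): set hard OS limits.

    RLIMIT_CPU: kernel sends SIGXCPU once the process has burned this much CPU.
    RLIMIT_AS:  any allocation that would exceed this address-space size fails.
    RLIMIT_CORE: no core dumps from the untrusted program.
    """
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
    resource.setrlimit(resource.RLIMIT_AS, (memory_bytes, memory_bytes))
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def run_supervised(argv: List[str], cpu_seconds: int = 2,
                   memory_bytes: int = 512 * 1024 * 1024,
                   wall_seconds: float = 5.0) -> RunResult:
    """Run an already-compiled untrusted program under OS-enforced limits."""
    proc = subprocess.Popen(
        argv,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        text=True,
        start_new_session=True,  # own process group, so we can kill children too
        preexec_fn=lambda: _apply_limits(cpu_seconds, memory_bytes),
    )
    try:
        out, err = proc.communicate(timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        # Wall-clock budget exceeded (e.g. the program sleeps or blocks on I/O,
        # which RLIMIT_CPU alone would never catch): kill the whole group.
        os.killpg(proc.pid, signal.SIGKILL)
        out, err = proc.communicate()
        return RunResult("timeout", proc.returncode, out, err)

    rc = proc.returncode
    if rc == 0:
        outcome = "ok"
    elif rc < 0:
        outcome = "signal"   # killed by a signal, e.g. SIGXCPU from RLIMIT_CPU
    else:
        outcome = "error"    # exited on its own with a non-zero status
    return RunResult(outcome, rc, out, err)


def python_snippet(code: str) -> List[str]:
    """Constructed stand-in for a compiled submission: run Python code inline."""
    return [sys.executable, "-c", code]


def demo() -> dict:
    """Exercise each limit with a constructed sample program; return outcomes."""
    return {
        "hello": run_supervised(python_snippet("print('hello')")).outcome,
        # Tries to allocate 2 GiB under a 512 MiB address-space cap -> MemoryError
        "memory": run_supervised(python_snippet("bytearray(2 * 1024**3)")).outcome,
        # Busy loop: RLIMIT_CPU of 1 s triggers SIGXCPU well before the 10 s wall limit
        "cpu": run_supervised(python_snippet("while True: pass"),
                              cpu_seconds=1, wall_seconds=10).outcome,
        # Sleeps: uses no CPU, so only the wall-clock timeout can stop it
        "sleep": run_supervised(python_snippet("import time; time.sleep(30)"),
                                wall_seconds=1).outcome,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The CPU limit and the wall-clock limit are deliberately separate: a program that blocks on I/O or sleeps consumes no CPU time, so `RLIMIT_CPU` never fires for it, while a tight loop exhausts the CPU budget long before the wall clock does. `start_new_session=True` plus `os.killpg` matters because a submission that forks would otherwise leave orphaned children running after the parent is killed.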


More information about the Digitalmars-d-learn mailing list