[cap-talk] Abstractions that subsume capabilities
Kevin Reid
kpreid at mac.com
Wed Mar 12 10:49:58 EDT 2008
On Mar 12, 2008, at 10:28, Sandro Magi wrote:
> The suggestions made thus far were to close this hole. I think Haskell's
> mistake here is the I/O signatures and main's in particular: IO ().
>
> At a coarse granularity, they should be:
>
> main :: World -> IO ()
> openFile :: World -> FilePath -> IOMode -> IO Handle
To demonstrate how this change is sufficient to permit capability
structure:
-- ignoring the need to prohibit ".." etc. for simplicity.
-- openRestricted partially applies openFile: the World and the prefix are
-- fixed here, so the result only takes the relative path (and the IOMode).
openRestricted world prefix path = openFile world (prefix ++ path)

main world = do
  ...
  -- untrusted code receives only the attenuated opener, never `world`
  h <- untrusted (openRestricted world "/sandbox/")
  ...
Of course, one would want to have libraries providing utilities like
openRestricted.
--
Kevin Reid <http://homepage.mac.com/kpreid/>
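As an added illustration (not code from the post or from Haskell's libraries), the same structure in Python: World is an unforgeable token that open_file() demands, main() is the only holder of it, and the untrusted code is handed a closure that captured the World and a prefix, so it can only open files under that prefix. The names World, open_file, open_restricted, untrusted and the temporary sandbox directory are all constructed for this example. Python cannot stop code from reaching for the builtin open() directly, which is exactly the ambient authority the World parameter removes in Haskell; what the example shows is the attenuation pattern, plus the ".." check the post sets aside.

```python
"""Explicit-World file access, as a capability pattern.

Added illustration (not code from the post or from Haskell's libraries):
the World value is an unforgeable token that open_file() demands, main()
is the only place that holds it, and untrusted code is handed a closure
that captured the World and a prefix, so it can open files only under
that prefix. Names (World, open_file, open_restricted, untrusted) mirror
the post's sketch and are constructed for this example.
"""
import os
import shutil
import tempfile
from typing import IO, Callable


class World:
    """Root authority. open_file() accepts only the one instance below."""
    __slots__ = ()


_THE_WORLD = World()  # created once; handed only to main()


def open_file(world: World, path: str, mode: str = "r") -> IO:
    """Analogue of openFile :: World -> FilePath -> IOMode -> IO Handle."""
    if world is not _THE_WORLD:
        raise PermissionError("no World capability")
    return open(path, mode)


def open_restricted(world: World, prefix: str) -> Callable[..., IO]:
    """Attenuate the World to 'open files under prefix'.

    The post's sketch concatenates prefix ++ path and defers the '..'
    problem; this version resolves the joined path and checks that it
    is still inside the prefix, which also covers absolute paths and
    symlinks that point outside the sandbox.
    """
    root = os.path.realpath(prefix)

    def opener(relpath: str, mode: str = "r") -> IO:
        full = os.path.realpath(os.path.join(root, relpath))
        if os.path.commonpath([root, full]) != root:
            raise PermissionError(f"{relpath!r} escapes {prefix!r}")
        return open_file(world, full, mode)  # world stays captured here

    return opener


def untrusted(open_in_sandbox: Callable[..., IO]) -> dict:
    """Code we do not trust: it holds the attenuated opener and nothing else.

    (In Python it could still call the builtin open(); the World parameter
    in Haskell removes that ambient authority at the type level. This
    function only exercises the attenuated path.)
    """
    results = {}
    with open_in_sandbox("notes.txt", "w") as h:
        h.write("hello from the sandbox\n")
    with open_in_sandbox("notes.txt") as h:
        results["inside"] = h.read()
    # Escape attempts: relative traversal and an absolute path.
    for attempt in ("../escape.txt", "/etc/passwd"):
        try:
            with open_in_sandbox(attempt) as h:
                results[attempt] = "opened"
        except PermissionError:
            results[attempt] = "denied"
    return results


def main(world: World) -> dict:
    """Analogue of main :: World -> IO (): the only holder of root authority."""
    sandbox = tempfile.mkdtemp(prefix="sandbox-")  # constructed sandbox dir
    try:
        return untrusted(open_restricted(world, sandbox))
    finally:
        shutil.rmtree(sandbox)


def forged_world_is_rejected() -> bool:
    """A fresh World() is not the real one, so open_file refuses it."""
    try:
        open_file(World(), os.devnull)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(main(_THE_WORLD))
```

Running it writes and reads back notes.txt inside the temporary sandbox, and both escape attempts come back as "denied"; the untrusted function never sees the World, only the opener that captured it, which is the point of threading World through main's signature in the first place.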