by mcnamaratw 3171 days ago
My favorite part is that injecting an attacker's code would not cause a security problem, because the platform is immune to side effects.

The compiler is perfectly able to create side-effects.
I'm not making the claim. It seems to be in the linked article:

""That's a security vulnerability!", you protest. "You are ... literally ... injecting remote code into your program."

Playing the devil's advocate, I ask you what is wrong with remote code injection.

"Well, for starters, if the URL is compromised the attacker can run arbitrary code like ..."

... reading and writing files? Dhall is totally pure and doesn't support any effects at all (besides heating up CPUs).

This brings us full circle back to our original "

Oh, ok. In the specific case of Dhall, it cannot.
However, the compiler/interpreter places an upper bound on the amount of code that we need to audit because it acts like a trusted kernel. We only need to audit the compiler/interpreter itself for safety and once we do so we can automatically trust all programs written in the language that it compiles/interprets.
In a general case, the compiler acts as a sandbox. How much harm the malicious code can do depends on the specifics of how much IO it enables.

In the case of Dhall it's entirely safe; if you generalize it into a full OS-equivalent system, you'd have to audit everything.