Version française
Home     About     Download     Resources     Contact us    
Browse thread
Safe marshall?
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Mike Hamburg <hamburg@f...>
Subject: Re: [Caml-list] Safe marshall?
I don't know of any way to tell a C function typing information.  Maybe 
with GCaml, but I haven't seen a new version of that in a long time.  
Even to get such information from within Caml sounds dubious; it seems 
like a Haskell-type-class-esque solution would be needed.

Anyway, is the Objective-C serialization safe?  This sounds unlikely to 
me...

Mike

On Feb 16, 2005, at 5:55 PM, Oliver Bandel wrote:

> On Wed, Feb 16, 2005 at 05:07:55PM -0500, Mike Hamburg wrote:
>> Is there any way to call Marshall in a type-safe way?  I need to use
>> marshaling for a networking program, and I'd rather not leave Marshal
>> as an arbitrary code execution vulnerability (which it is as far as I
>> can tell: switching on a Marshaled value should produce a computed
>> jump, which can be set by an attacker to point to an arbitrary place).
>> Am I stuck writing my own marshal function?
>
> Is it possible to say a C-function *anything* about a datastructure's 
> structure?
> Via the C-interface of OCaml?!
>
> If so.... at least under Mac OS-X it should be possible to solve that 
> task
> with Objective-C. It can dump objects completely.
>
> So this -  at least on this platform - would be possible then.
>
> But IMHO this may not be possible with all Objective-C implementations.
>
> Ciao,
>   Oliver
>
> _______________________________________________
> Caml-list mailing list. Subscription management:
> http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list
> Archives: http://caml.inria.fr
> Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
> Bug reports: http://caml.inria.fr/bin/caml-bugs
>