Browse thread
Safe marshall?
[
Home
]
[ Index:
by date
|
by threads
]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: | 2005-02-17 (00:11) |
From: | Mike Hamburg <hamburg@f...> |
Subject: | Re: [Caml-list] Safe marshall? |
I don't know of any way to tell a C function typing information. Maybe with GCaml, but I haven't seen a new version of that in a long time. Even to get such information from within Caml sounds dubious; it seems like a Haskell-type-class-esque solution would be needed. Anyway, is the Objective-C serialization safe? This sounds unlikely to me... Mike On Feb 16, 2005, at 5:55 PM, Oliver Bandel wrote: > On Wed, Feb 16, 2005 at 05:07:55PM -0500, Mike Hamburg wrote: >> Is there any way to call Marshall in a type-safe way? I need to use >> marshaling for a networking program, and I'd rather not leave Marshal >> as an arbitrary code execution vulnerability (which it is as far as I >> can tell: switching on a Marshaled value should produce a computed >> jump, which can be set by an attacker to point to an arbitrary place). >> Am I stuck writing my own marshal function? > > Is it possible to say a C-function *anything* about a datastructure's > structure? > Via the C-interface of OCaml?! > > If so.... at least under Mac OS-X it should be possible to solve that > task > with Objective-C. It can dump objects completely. > > So this - at least on this platform - would be possible then. > > But IMHO this may not be possible with all Objective-C implementations. > > Ciao, > Oliver > > _______________________________________________ > Caml-list mailing list. Subscription management: > http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list > Archives: http://caml.inria.fr > Beginner's list: http://groups.yahoo.com/group/ocaml_beginners > Bug reports: http://caml.inria.fr/bin/caml-bugs >