Browse thread
Securely loading and running untrusted modules
[
Home
]
[ Index:
by date
|
by threads
]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
| Date: | -- (:) |
| From: | Alex Baretta <alex@b...> |
| Subject: | Re: [Caml-list] Securely loading and running untrusted modules |
Richard Jones wrote:
> On Tue, Apr 05, 2005 at 09:55:32PM +0900, Nicolas Cannasse wrote:
>
>>I think that current VM is optimized for speed and doesn't do more bytecode
>>checking than strictly necessary. That means that someone could forge some
>>bytecode file that would take control of the VM and then can call the whole
>>C api. Tricky, but feasible.
>
>
> I'm hoping that by compiling from source I'll avoid any bytecode
> attacks. Is there a way to generate faulty bytecode from a source
> file?
>
> Rich.
alex@alex:~$ ocaml
Objective Caml version 3.08.2
# external pizza : 'a -> 'b = "%identity";;
external pizza : 'a -> 'b = "%identity"
# pizza 1 = "pasta";;
Segmentation fault
--
*********************************************************************
http://www.barettadeit.com/
Baretta DE&IT
A division of Baretta SRL
tel. +39 02 370 111 55
fax. +39 02 370 111 54
Our technology:
The Application System/Xcaml (AS/Xcaml)
<http://www.asxcaml.org/>
The FreerP Project
<http://www.freerp.org/>