Securely loading and running untrusted modules
From: Nicolas Cannasse <warplayer@f...>
Subject: Re: [Caml-list] Securely loading and running untrusted modules
> To prevent infinite loops, starting an alarm(2) before loading the
> module should kill the Apache process if it uses too much CPU time.
>
> I'm fairly sure that the method above should cope with everything
> barring bugs in the compiler and bugs in SafeAPI.
>
> Am I thinking right?
>
> Rich.

I think that the current VM is optimized for speed and doesn't do more bytecode
checking than strictly necessary. That means that someone could forge a
bytecode file that would take control of the VM and could then call the whole
C API. Tricky, but feasible.
You might need to add load-time or runtime bytecode checks in order to
secure the VM.

Regards,
Nicolas Cannasse
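The reply above argues that a speed-optimized bytecode interpreter which validates nothing can be hijacked by a forged bytecode file, and that load-time checks are the fix. The following is an added example, not code from this thread or from the OCaml runtime: a load-time verifier for a small hypothetical stack bytecode, whose opcodes, encoding, primitive table and helper names are all invented for the illustration. It shows the three checks such a verifier needs before the dispatch loop is allowed to run the file: every jump lands on a real instruction inside the code, every call into C goes through a bounded primitive table, and the operand stack depth is consistent on every path, so the unchecked interpreter can never underflow, overflow or index outside its tables.

```c
/* Added example, not code from the Caml-list thread or the OCaml runtime: a
 * load-time verifier for a small hypothetical stack bytecode. The VM in
 * run_bytecode() checks nothing at dispatch time, like a speed-optimised
 * interpreter; verify_bytecode() is what keeps a forged file from driving it
 * out of its code or into arbitrary C primitives. Opcodes, encoding and the
 * primitive table are invented for the illustration. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

enum { OP_PUSH, OP_ADD, OP_JMP, OP_JZ, OP_CCALL, OP_RET, OP_COUNT };

/* Per opcode: encoded length in bytes, values popped, values pushed. */
static const struct { int len, pop, push; } opinfo[OP_COUNT] = {
    [OP_PUSH]  = { 5, 0, 1 },  /* PUSH imm32                */
    [OP_ADD]   = { 1, 2, 1 },  /* ADD                       */
    [OP_JMP]   = { 5, 0, 0 },  /* JMP rel32                 */
    [OP_JZ]    = { 5, 1, 0 },  /* JZ rel32, pops condition  */
    [OP_CCALL] = { 2, 1, 1 },  /* CCALL prim8, one argument */
    [OP_RET]   = { 1, 1, 0 },  /* RET, returns top of stack */
};

enum { VERIFY_OK, VERIFY_BAD_OPCODE, VERIFY_TRUNCATED, VERIFY_FALLTHROUGH,
       VERIFY_BAD_JUMP, VERIFY_BAD_PRIM, VERIFY_STACK, VERIFY_NOMEM };
#define MAX_STACK 16

typedef int32_t (*prim_fn)(int32_t);

static int32_t rd32(const uint8_t *p) { int32_t v; memcpy(&v, p, 4); return v; }
static void put32(uint8_t *p, int32_t v) { memcpy(p, &v, 4); }

/* Absolute target of the jump at pc, or -1 if it lands outside the code. */
static long jump_target(const uint8_t *code, size_t len, size_t pc) {
    long t = (long)pc + opinfo[code[pc]].len + (long)rd32(code + pc + 1);
    return (t < 0 || (size_t)t >= len) ? -1 : t;
}

int verify_bytecode(const uint8_t *code, size_t len, size_t nprims) {
    uint8_t *start = calloc(len, 1);            /* 1 = valid instruction start */
    int *depth = malloc(len * sizeof *depth);   /* stack depth on entry, -1 = unreached */
    size_t *work = malloc(len * sizeof *work);  /* each start is queued at most once */
    size_t nwork = 0, pc;
    int rc = VERIFY_OK;
    if (len == 0) { rc = VERIFY_TRUNCATED; goto out; }
    if (!start || !depth || !work) { rc = VERIFY_NOMEM; goto out; }
    for (pc = 0; pc < len; pc++) depth[pc] = -1;

    /* Pass 1: decode linearly so every byte belongs to exactly one instruction. */
    for (pc = 0; pc < len; pc += opinfo[code[pc]].len) {
        if (code[pc] >= OP_COUNT) { rc = VERIFY_BAD_OPCODE; goto out; }
        if (pc + opinfo[code[pc]].len > len) { rc = VERIFY_TRUNCATED; goto out; }
        start[pc] = 1;
    }
    /* Pass 2: follow control flow from the entry point. Jumps must land on an
     * instruction start, CCALL indices must be inside the primitive table, and
     * the stack depth at each instruction must agree on every path reaching it. */
    depth[0] = 0; work[nwork++] = 0;
    while (nwork) {
        long succ[2];
        int ns = 0, i;
        pc = work[--nwork];
        uint8_t op = code[pc];
        int d = depth[pc] - opinfo[op].pop + opinfo[op].push;
        if (depth[pc] < opinfo[op].pop || d > MAX_STACK) { rc = VERIFY_STACK; goto out; }
        if (op == OP_CCALL && code[pc + 1] >= nprims) { rc = VERIFY_BAD_PRIM; goto out; }
        if (op == OP_JMP || op == OP_JZ) {
            long t = jump_target(code, len, pc);
            if (t < 0 || !start[t]) { rc = VERIFY_BAD_JUMP; goto out; }
            succ[ns++] = t;
        }
        if (op != OP_JMP && op != OP_RET) {             /* falls through to the next one */
            if (pc + opinfo[op].len >= len) { rc = VERIFY_FALLTHROUGH; goto out; }
            succ[ns++] = (long)(pc + opinfo[op].len);
        }
        for (i = 0; i < ns; i++) {
            if (depth[succ[i]] == -1) { depth[succ[i]] = d; work[nwork++] = (size_t)succ[i]; }
            else if (depth[succ[i]] != d) { rc = VERIFY_STACK; goto out; }
        }
    }
out:
    free(start); free(depth); free(work);
    return rc;
}

/* Runs code that verify_bytecode() accepted; the loop itself checks nothing. */
int32_t run_bytecode(const uint8_t *code, const prim_fn *prims) {
    int32_t stack[MAX_STACK];
    int sp = 0;
    size_t pc = 0;
    for (;;) {
        switch (code[pc]) {
        case OP_PUSH:  stack[sp++] = rd32(code + pc + 1); pc += 5; break;
        case OP_ADD:   sp--; stack[sp - 1] += stack[sp]; pc += 1; break;
        case OP_JMP:   pc = (size_t)((long)pc + 5 + rd32(code + pc + 1)); break;
        case OP_JZ:    pc = stack[--sp] == 0 ? (size_t)((long)pc + 5 + rd32(code + pc + 1)) : pc + 5; break;
        case OP_CCALL: stack[sp - 1] = prims[code[pc + 1]](stack[sp - 1]); pc += 2; break;
        default:       return stack[sp - 1];            /* OP_RET */
        }
    }
}

static int32_t prim_double(int32_t x) { return 2 * x; }
static const prim_fn prims[] = { prim_double };       /* the whole exported "C API" */
#define NPRIMS (sizeof prims / sizeof prims[0])

/* Constructed sample programs. Well-formed: PUSH 0; JZ +6; PUSH 99; RET;
 * PUSH 5; PUSH 3; ADD; CCALL 0; RET -- returns (5+3)*2 = 16. */
size_t build_good(uint8_t *b) {
    b[0] = OP_PUSH; put32(b + 1, 0);   b[5] = OP_JZ;    put32(b + 6, 6);
    b[10] = OP_PUSH; put32(b + 11, 99); b[15] = OP_RET;
    b[16] = OP_PUSH; put32(b + 17, 5);  b[21] = OP_PUSH; put32(b + 22, 3);
    b[26] = OP_ADD;  b[27] = OP_CCALL; b[28] = 0;      b[29] = OP_RET;
    return 30;
}
/* Forged: CCALL 200 indexes far past the one-entry primitive table. */
size_t build_bad_prim(uint8_t *b) {
    b[0] = OP_PUSH; put32(b + 1, 1); b[5] = OP_CCALL; b[6] = 200; b[7] = OP_RET; return 8;
}
/* Forged: JMP -100 transfers control outside the code buffer. */
size_t build_bad_jump(uint8_t *b) { b[0] = OP_JMP; put32(b + 1, -100); return 5; }
/* Forged: the two paths into the final PUSH arrive with different stack depths. */
size_t build_bad_stack(uint8_t *b) {
    b[0] = OP_PUSH; put32(b + 1, 0);    b[5] = OP_JZ;    put32(b + 6, 5);
    b[10] = OP_PUSH; put32(b + 11, 99); b[15] = OP_PUSH; put32(b + 16, 7); b[20] = OP_RET;
    return 21;
}

int main(void) {
    uint8_t buf[64];
    size_t n = build_good(buf);
    if (verify_bytecode(buf, n, NPRIMS) == VERIFY_OK)
        printf("good program -> %d\n", run_bytecode(buf, prims));
    n = build_bad_prim(buf);  printf("bad prim  -> %d\n", verify_bytecode(buf, n, NPRIMS));
    n = build_bad_jump(buf);  printf("bad jump  -> %d\n", verify_bytecode(buf, n, NPRIMS));
    n = build_bad_stack(buf); printf("bad stack -> %d\n", verify_bytecode(buf, n, NPRIMS));
    return 0;
}
```

The verifier is a plain worklist dataflow over instruction starts: each start is queued once, so the pass is linear in code size, and the stack-depth merge check is what lets run_bytecode() drop its bounds checks safely. A CPU-time limit such as the alarm(2) mentioned earlier in the thread is complementary: it bounds how long verified code may run, but only the verifier keeps unverified code from running at all.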