Version française
Home     About     Download     Resources     Contact us    

This site is updated infrequently. For up-to-date information, please visit the new OCaml website at

Browse thread
Securely loading and running untrusted modules
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: 2005-04-05 (13:16)
From: Richard Jones <rich@a...>
Subject: Re: [Caml-list] Securely loading and running untrusted modules
On Tue, Apr 05, 2005 at 09:55:32PM +0900, Nicolas Cannasse wrote:
> I think that current VM is optimized for speed and doesn't do more bytecode
> checking than strictly necessary. That means that someone could forge some
> bytecode file that would take control of the VM and then can call the whole
> C api. Tricky, but feasible.

I'm hoping that by compiling from source I'll avoid any bytecode
attacks.  Is there a way to generate faulty bytecode from a source


Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology -
Team Notepad - intranets and extranets for business -