Version française
Home     About     Download     Resources     Contact us    
Browse thread
Securely loading and running untrusted modules
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Richard Jones <rich@a...>
Subject: Re: [Caml-list] Securely loading and running untrusted modules
On Tue, Apr 05, 2005 at 09:55:32PM +0900, Nicolas Cannasse wrote:
> I think that current VM is optimized for speed and doesn't do more bytecode
> checking than strictly necessary. That means that someone could forge some
> bytecode file that would take control of the VM and then can call the whole
> C api. Tricky, but feasible.

I'm hoping that by compiling from source I'll avoid any bytecode
attacks.  Is there a way to generate faulty bytecode from a source
file?

Rich.

-- 
Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Team Notepad - intranets and extranets for business - http://team-notepad.com