Browse thread
Securely loading and running untrusted modules
[
Home
]
[ Index:
by date
|
by threads
]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
| Date: | -- (:) |
| From: | Richard Jones <rich@a...> |
| Subject: | Re: [Caml-list] Securely loading and running untrusted modules |
On Tue, Apr 05, 2005 at 09:55:32PM +0900, Nicolas Cannasse wrote: > I think that current VM is optimized for speed and doesn't do more bytecode > checking than strictly necessary. That means that someone could forge some > bytecode file that would take control of the VM and then can call the whole > C api. Tricky, but feasible. I'm hoping that by compiling from source I'll avoid any bytecode attacks. Is there a way to generate faulty bytecode from a source file? Rich. -- Richard Jones, CTO Merjis Ltd. Merjis - web marketing and technology - http://merjis.com Team Notepad - intranets and extranets for business - http://team-notepad.com