Re: FP/IP and performance (in general) and Patterns... (Re: [Caml-list] Avoiding shared data)
| From: | William Lovas <wlovas@s...> |
| Subject: | Re: FP/IP and performance (in general) and Patterns... (Re: [Caml-list] Avoiding shared data) |
On Wed, Oct 05, 2005 at 03:45:52PM +0200, Oliver Bandel wrote:
> So, the typical "out of bounds" and "format string" problems
> are typical security risks.
> (Btw: is OCaml's format-string stuff from the Printf-module safe in
> this respect?!)

As far as I understand the "format string" bugs, they arise when a
programmer writes a call to printf whose first argument comes from
user input. In O'Caml the various *printf functions require their
first argument to have type "('a, 'b, 'c) format", for some values
of 'a, 'b, and 'c. As far as I can tell there's no way to produce
a value of this type from user input, so O'Caml should be safe.

In fact, there might even be a better reason O'Caml is safe, like
that it doesn't automatically keep looking for arguments until it
runs out of %expandos, but rather it just produces a closure that
can be applied to more arguments later. But this is just a guess,
based on a quick 5-minute perusal of the O'Caml standard library.

cheers,
William
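
The two properties discussed in the message above, as an added example that is not part of the original post: a format is a distinct type from `string`, and a `*printf` call yields a closure whose arity is fixed by that type. The example goes one step beyond the message by also using `Scanf.format_from_string` from the current standard library, which converts a string to a format only after checking it at run time against a reference literal. `user_input` and `checked_format` are constructed names for illustration.

```ocaml
(* Added example, not from the original message.
   [user_input] is a constructed stand-in for attacker-controlled text. *)
let user_input = "%x %x %x %x"

(* Hypothetical helper: reinterpret untrusted text as a format, but only if
   it has exactly the same conversions as the literal "%s=%d". The check is
   done at run time by Scanf.format_from_string, which raises on mismatch. *)
let checked_format s =
  try Some (Scanf.format_from_string s "%s=%d")
  with Scanf.Scan_failure _ | Failure _ -> None

let () =
  (* 1. Rejected at compile time, because a string is not a format:

          Printf.printf user_input

        The type checker reports that the expression has type string
        where a format was expected. *)

  (* 2. Untrusted text is passed as data to a literal format, so its
        '%' characters are printed verbatim and never interpreted. *)
  Printf.printf "%s\n" user_input;

  (* 3. Applying sprintf to a format yields a closure. Its arity comes from
        the format's type, so it cannot consume arguments that were never
        supplied. *)
  let render : string -> int -> string = Printf.sprintf "%s=%d" in
  print_endline (render "port" 443);

  (* 4. Run-time conversion: the untrusted text has the wrong conversions
        and is refused; a string with matching conversions is accepted. *)
  (match checked_format user_input with
   | Some _ -> print_endline "accepted"
   | None -> print_endline "rejected: conversions do not match %s=%d");
  (match checked_format "%s -> %d" with
   | Some fmt -> print_endline (Printf.sprintf fmt "port" 443)
   | None -> print_endline "rejected")
```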