Date: Thu, 11 Nov 1999 22:01:24 +0100
From: Xavier Leroy <Xavier.Leroy@inria.fr>
To: Michael Hicks <mwh@dsl.cis.upenn.edu>
Subject: Re: dynamic loading of Caml bytecode
In-Reply-To: <199911081607.LAA27012@codex.cis.upenn.edu>; from Michael Hicks on Mon, Nov 08, 1999 at 11:07:23AM -0500

> I wonder if anyone could elaborate for me on the safety of dynamically
> loaded Ocaml bytecode? Is it possible to load bytecode that is not
> well-formed or type-correct (thus resulting in a core-dump or other
> misbehavior at runtime)? I understand that interfaces are checked for
> consistency using MD5 hashes, but I'm curious about the internal consistency
> of the bytecode file itself.

Essentially no consistency checks are performed by the dynamic loader.
Just like the MD5-based interface consistency mechanism that you
mention, the whole dynamic loader assumes that its input has been
produced by a correct OCaml compiler and not modified since. That's
why in the MMM design we had to rely on cryptographic signatures to
ensure the well-formedness of applet code.

- Xavier Leroy
This archive was generated by hypermail 2b29 : Sun Jan 02 2000 - 11:58:28 MET
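
Added example, not part of the original message and not OCaml or MMM code: a Python sketch of why an interface-digest check alone says nothing about a unit's code body, and how authenticating the whole unit before loading closes that gap. Assumptions: the unit layout is a constructed toy container rather than the real OCaml bytecode format, all function and constant names are hypothetical, and HMAC-SHA256 with a shared key stands in for the public-key signature so the block needs only the standard library.

```python
import hashlib
import hmac

def interface_digest(interface_source):
    # MD5 over an interface, standing in for the consistency hash mentioned above.
    return hashlib.md5(interface_source).digest()

def interfaces_consistent(unit, host_interfaces):
    # Loader-style check: each imported interface digest matches the host's copy.
    for name, digest in unit["imports"].items():
        source = host_interfaces.get(name)
        if source is None or not hmac.compare_digest(digest, interface_digest(source)):
            return False
    return True

def serialize(unit):
    # Length-prefixed encoding so the tag covers imports and code unambiguously.
    out = bytearray(len(unit["imports"]).to_bytes(4, "big"))
    for name in sorted(unit["imports"]):
        raw = name.encode()
        out += len(raw).to_bytes(4, "big") + raw + unit["imports"][name]
    out += len(unit["code"]).to_bytes(4, "big") + unit["code"]
    return bytes(out)

def sign_unit(unit, key):
    # Assumption: HMAC-SHA256 with a shared key replaces a public-key signature.
    return hmac.new(key, serialize(unit), hashlib.sha256).digest()

def safe_to_load(unit, tag, key, host_interfaces):
    # Authenticate every byte first; only then run the interface check.
    if not hmac.compare_digest(tag, sign_unit(unit, key)):
        return False
    return interfaces_consistent(unit, host_interfaces)

# Constructed sample data (toy container, not the real OCaml bytecode layout).
HOST = {"Applet_api": b"val draw : int -> unit"}
KEY = b"constructed-demo-key"
GOOD = {"imports": {"Applet_api": interface_digest(HOST["Applet_api"])},
        "code": b"\x01\x02\x03\x04"}
TAG = sign_unit(GOOD, KEY)
TAMPERED = dict(GOOD, code=b"\x01\x02\xff\x04")  # same imports, altered body

if __name__ == "__main__":
    print("interface check on tampered unit:", interfaces_consistent(TAMPERED, HOST))
    print("signed load, original:", safe_to_load(GOOD, TAG, KEY, HOST))
    print("signed load, tampered:", safe_to_load(TAMPERED, TAG, KEY, HOST))
```

The tampered unit passes the interface check because its import digests are untouched; only the tag over the full serialized unit rejects it.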