Re: Gnumeric/Guile/Python



It is difficult to prevent this in just about any language.  For these
sorts of problems, the most effective way to prevent them is to use the
operating system's resource limiting capabilities.  AFAIK Java/JavaScript
does not have protection against these sorts of attacks.

James.

--
Email: james@daa.com.au
WWW:   http://www.daa.com.au/~james/


On Thu, 27 May 1999, Ian McKellar wrote:

> On Thu, May 27, 1999 at 10:31:28AM +0800, James Henstridge wrote:
> > 
> > You have complete control over modules that the script can import (even
> > giving the script a `fake' module object that could check function calls
> > down to the argument level before allowing it to proceed).  This way, you
> > could for instance prevent the script from importing the socket module
> > (i.e. no networking allowed), or check calls to the file open function to
> > see if they are allowed to read/write a particular file.
> > 
> > You can get as fine grained security as you want with this setup.  Still,
> > I agree that this type of thing should wait until we can assess possible
> > problems.
> 
> I was playing about with this sort of thing with the goal of building a MUD
> in Python. rexec and Bastion give you a quite good sandbox - as good as Java,
> but you've still got the old problem of a malicious script creating _lots_
> of objects and using up all the memory and swap.
> 
> Ian
> 
> -- 
> "Perl is the COBOL of the '90s" - David Basden
> 
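
The operating-system resource limiting mentioned in the reply above, sketched as an added example that is not part of the original thread: the untrusted script runs in a child interpreter whose address space and CPU time are capped with `setrlimit`, so runaway allocation fails inside the child instead of exhausting the host's memory and swap. The names `HOG`, `_cap` and `run_limited` and the limit values are assumptions chosen for illustration, and the code assumes a Linux-like system where `RLIMIT_AS` is enforced.

```python
import resource
import subprocess
import sys

# Constructed stand-in for a hostile script: keeps allocating until stopped.
HOG = """
chunks = []
try:
    while True:
        chunks.append(bytearray(16 * 1024 * 1024))
except MemoryError:
    print("MemoryError after %d MiB" % (len(chunks) * 16))
    raise SystemExit(3)
"""

def _cap(which, value):
    # Lower soft and hard limits together so an unprivileged child
    # cannot raise them again; never ask for more than the current hard limit.
    _soft, hard = resource.getrlimit(which)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(which, (value, value))

def run_limited(source, mem_bytes=256 * 1024 * 1024, cpu_seconds=5):
    """Run `source` in a child interpreter under address-space and CPU caps.

    Returns (returncode, stdout). A negative returncode means the kernel
    killed the child with that signal, e.g. SIGXCPU when CPU time ran out.
    """
    def limits():  # runs in the child, after fork() and before exec()
        _cap(resource.RLIMIT_AS, mem_bytes)
        _cap(resource.RLIMIT_CPU, cpu_seconds)

    proc = subprocess.run(
        [sys.executable, "-I", "-c", source],
        preexec_fn=limits, capture_output=True, text=True, timeout=60,
    )
    return proc.returncode, proc.stdout.strip()

if __name__ == "__main__":
    print(run_limited(HOG))                      # child hits MemoryError, exits 3
    print(run_limited("print(sum(range(10)))"))  # well-behaved script is unaffected
```

The limits apply to the whole child process, so they hold regardless of what the script manages to import or call inside the interpreter.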


