[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Psyntax security hole prevents secure sandboxing in Guile
From: |
Andreas Rottmann |
Subject: |
Re: Psyntax security hole prevents secure sandboxing in Guile |
Date: |
Mon, 07 May 2012 22:10:51 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.1.50 (gnu/linux) |
Noah Lavine <address@hidden> writes:
>> Can you think of anything else that would need to be fixed, besides this
>> problem with forgeable syntax-objects?
>
> It depends how much of a sandbox you're thinking of, but I'd like to
> make sure that the untrusted code didn't go into an infinite loop,
> which means either putting it in a separate process or having a timer
> that would stop it after a deadline. Also you'd have to make sure that
> you didn't run any procedure returned by the untrusted code, for the
> same reason.
>
> Also, what if the untrusted code allocated a lot of memory? I suppose
> you could depend on that all being garbage-collected after it
> finished, but you'd have to be prepared to handle out-of-memory errors
> while it was running.
>
> It might be easiest to just put it in a separate process, although
> that would make communication harder.
>
Racket has a facility that achieves sandboxing (with the above property
of CPU and RAM usage bounds), i believe:
http://docs.racket-lang.org/reference/Sandboxed_Evaluation.html
Regards, Rotty
--
Andreas Rottmann -- <http://rotty.yi.org/>