From mboxrd@z Thu Jan  1 00:00:00 1970
Received: (from majordomo@localhost) by pauillac.inria.fr (8.7.6/8.7.3) id RAA03577; Sat, 28 Feb 2004 17:54:05 +0100 (MET)
X-Authentication-Warning: pauillac.inria.fr: majordomo set sender to owner-caml-list@pauillac.inria.fr using -f
Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id RAA01927 for <caml-list@pauillac.inria.fr>; Sat, 28 Feb 2004 17:54:04 +0100 (MET)
Received: from aomori.annexia.org (annexia.force9.co.uk [212.56.101.183])
	by concorde.inria.fr (8.12.10/8.12.10) with ESMTP id i1SGs1ae023939
	for <caml-list@inria.fr>; Sat, 28 Feb 2004 17:54:03 +0100
Received: from rich by aomori.annexia.org with local (Exim 3.36 #1 (Debian))
	id 1Ax7iy-0006aX-00
	for <caml-list@inria.fr>; Sat, 28 Feb 2004 16:54:00 +0000
Date: Sat, 28 Feb 2004 16:54:00 +0000
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] How to secure an OCaml server
Message-ID: <20040228165400.GA24495@redhat.com>
References: <87llmnme9b.fsf@linux-france.org> <vfioerj9msl.fsf@tuba.is.s.u-tokyo.ac.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <vfioerj9msl.fsf@tuba.is.s.u-tokyo.ac.jp>
User-Agent: Mutt/1.5.4i
From: Richard Jones <rich@annexia.org>
X-Miltered: at concorde by Joe's j-chkmail ("http://j-chkmail.ensmp.fr")!
X-Loop: caml-list@inria.fr
X-Spam: no; 0.00; caml-list:01 2004:99 0900,:01 yutaka:01 oiwa:01 catastrophe:01 runtime:01 arrays:01 arrays:01 ltd:98 ocaml:01 caml:01 overflow:02 exception:02 arbitrary:02 
Sender: owner-caml-list@pauillac.inria.fr
Precedence: bulk

On Sun, Feb 29, 2004 at 01:44:10AM +0900, Yutaka OIWA wrote:
> Unlike C and C++, Objective Caml has strong builtin protection for
> array boundary overflow.  You can expect that inputs which usually
> cause arbitrary code execution (like viruses and worms) do not cause
> such catastrophe, but only make your programs report runtime exception
> and then halt.

Remember the corollary of having safe arrays is that people can DoS
your server by opening a socket and writing .. and writing .. and
writing.  It's always a good idea to either implement your own
sensible maximums on the length of strings / arrays, or at least run
your module with a BSD resource-style limit (setrlimit(2)).

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://www.j-london.com/
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
http://www.YouUnlimited.co.uk/ - management courses

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners