caml-list - the Caml user's mailing list
From: Richard Jones <rich@annexia.org>
To: Thomas Fischbacher <Thomas.Fischbacher@Physik.Uni-Muenchen.DE>
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] How to secure an OCaml server
Date: Sat, 28 Feb 2004 19:29:11 +0000
Message-ID: <20040228192911.GA950@redhat.com>
In-Reply-To: <Pine.LNX.4.58.0402281805260.5837@seekar.cip.physik.uni-muenchen.de>

On Sat, Feb 28, 2004 at 06:06:01PM +0100, Thomas Fischbacher wrote:
> 
> On Sat, 28 Feb 2004, Richard Jones wrote:
> 
> > On Sun, Feb 29, 2004 at 01:44:10AM +0900, Yutaka OIWA wrote:
> > > Unlike C and C++, Objective Caml has strong builtin protection for
> > > array boundary overflow.  You can expect that inputs which usually
> > > cause arbitrary code execution (like viruses and worms) do not cause
> > > such catastrophe, but only make your programs report runtime exception
> > > and then halt.
> > 
> > Remember the corollary of having safe arrays is that people can DoS
> > your server by opening a socket and writing .. and writing .. and
> > writing.  It's always a good idea to either implement your own
> > sensible maximums on the length of strings / arrays, or at least run
> > your module with a BSD resource-style limit (setrlimit(2)).
> 
> Yes. Another interesting issue that frequently comes up in such situations 
> is provoking hash collisions.

Yes, right!  I forgot about that one, but it's very important.  IIRC
Perl 5.8.0 changed hashes so there is some randomness in the hashing
function, which reduces the possibility of this sort of attack.

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://www.j-london.com/
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
PTHRLIB is a library for writing small, efficient and fast servers in C.
HTTP, CGI, DBI, lightweight threads: http://www.annexia.org/freeware/pthrlib/

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
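The two defences raised in this exchange, a sensible maximum on how much a client may send and a hash function the client cannot predict, as an added OCaml example. This is not code from the thread or from any poster: the names `read_bounded_line`, `Line_too_long`, `Table_full` and `add_bounded` are hypothetical, while `Hashtbl.randomize`, `Hashtbl.is_randomized` and the `~random:true` flag of `Hashtbl.create` are the real standard-library API (OCaml 4.00 and later; `is_randomized` from 4.03). The 5000-byte input is constructed for the demo and stands in for a socket. The stdlib `Unix` module has no `setrlimit` binding, so the process-wide limit Rich mentions is set from the shell (`ulimit -v` before launching the server) rather than from OCaml.

```ocaml
(* Added example, not from the list.  Two defences against a client that
   abuses a memory-safe server:
     1. a hard cap on how many bytes we buffer for one request, so a peer
        that writes forever gets an exception from us, not our memory;
     2. randomised hashing plus a cap on entries, so precomputed colliding
        keys cannot turn Hashtbl lookups into linear scans.
   Names below are hypothetical; the Hashtbl calls are real stdlib API. *)

exception Line_too_long of int
exception Table_full of int

(* Read one line from [ic], refusing to buffer more than [max_len] bytes.
   Bounds checking already turns an overflow into an exception; this turns
   an unbounded write into a cheap exception raised before the buffer grows. *)
let read_bounded_line ?(max_len = 4096) (ic : in_channel) : string =
  let buf = Buffer.create (min max_len 256) in
  let rec loop () =
    match input_char ic with
    | '\n' -> Buffer.contents buf
    | c ->
        if Buffer.length buf >= max_len then raise (Line_too_long max_len);
        Buffer.add_char buf c;
        loop ()
    | exception End_of_file -> Buffer.contents buf
  in
  loop ()

(* Called once at startup, before any table exists: every Hashtbl created
   afterwards hashes with a seed from Random.State.make_self_init, so bucket
   placement differs on every run.  Setting OCAMLRUNPARAM=R does the same
   from the environment, and [Hashtbl.create ~random:true n] does it for a
   single table. *)
let () = Hashtbl.randomize ()

let sessions : (string, int) Hashtbl.t = Hashtbl.create 64

(* Randomisation defeats collision attacks; a cap on the number of entries
   stops a client from simply filling the table with distinct keys. *)
let add_bounded ?(max_entries = 10_000) tbl key value =
  if (not (Hashtbl.mem tbl key)) && Hashtbl.length tbl >= max_entries then
    raise (Table_full max_entries);
  Hashtbl.replace tbl key value

(* Demo: a 5000-byte "request" with no newline, written to a temp file to
   stand in for a client socket (constructed input, not a real capture). *)
let () =
  let path = Filename.temp_file "caml" ".txt" in
  let oc = open_out_bin path in
  output_string oc (String.make 5000 'A');
  close_out oc;
  let ic = open_in_bin path in
  (match read_bounded_line ~max_len:1024 ic with
   | line -> Printf.printf "line accepted (%d bytes)\n" (String.length line)
   | exception Line_too_long n ->
       Printf.printf "rejected: line exceeded %d bytes\n" n);
  close_in ic;
  Sys.remove path;
  add_bounded sessions "user-1" 1;
  Printf.printf "randomised hashing: %b, entries: %d\n"
    (Hashtbl.is_randomized ()) (Hashtbl.length sessions)
```

Compile with `ocamlfind ocamlopt -package str -o bounded bounded.ml` or simply `ocaml bounded.ml`; the first line printed is the rejection, since the cap of 1024 bytes is hit long before the 5000-byte input ends. In a real server the cap would be chosen per protocol (a request line, a header block, a message body) and applied per connection, which is the "sensible maximum" the thread recommends.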