From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pierre.weis@inria.fr>
Delivered-To: caml-list@yquem.inria.fr
Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39])
	by yquem.inria.fr (Postfix) with ESMTP id 9F3F5BC48
	for <caml-list@yquem.inria.fr>; Tue,  5 Apr 2005 15:16:11 +0200 (CEST)
Received: from pauillac.inria.fr (pauillac.inria.fr [128.93.11.35])
	by concorde.inria.fr (8.13.0/8.13.0) with ESMTP id j35DGB83004447
	for <caml-list@yquem.inria.fr>; Tue, 5 Apr 2005 15:16:11 +0200
Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id PAA30465 for <caml-list@pauillac.inria.fr>; Tue, 5 Apr 2005 15:16:10 +0200 (MET DST)
Received: from furbychan.cocan.org (furbychan.cocan.org [80.68.91.176])
	by nez-perce.inria.fr (8.13.0/8.13.0) with ESMTP id j35DGAYX029764
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for <caml-list@inria.fr>; Tue, 5 Apr 2005 15:16:10 +0200
Received: from rich by furbychan.cocan.org with local (Exim 3.35 #1 (Debian))
	id 1DInua-0001lp-00; Tue, 05 Apr 2005 14:16:08 +0100
Date: Tue, 5 Apr 2005 14:16:08 +0100
To: Nicolas Cannasse <warplayer@free.fr>
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] Securely loading and running untrusted modules
Message-ID: <20050405131608.GB5103@furbychan.cocan.org>
References: <20050405121459.GA29378@furbychan.cocan.org> <000f01c539de$c1859fd0$0c05a8c0@PWARP>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <000f01c539de$c1859fd0$0c05a8c0@PWARP>
User-Agent: Mutt/1.3.28i
From: Richard Jones <rich@annexia.org>
X-Miltered: at concorde with ID 42528F9B.001 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)!
X-Miltered: at nez-perce with ID 42528F9A.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)!
X-Spam: no; 0.00; caml-list:01 untrusted:01 cannasse:01 bytecode:01 bytecode:01 api:01 notepad:01 securely:98 wrote:01 modules:01 checking:01 nicolas:02 compiling:02 tricky:02 feasible:04 
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on yquem.inria.fr
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled 
	version=3.0.2
X-Spam-Level: 

On Tue, Apr 05, 2005 at 09:55:32PM +0900, Nicolas Cannasse wrote:
> I think that current VM is optimized for speed and doesn't do more bytecode
> checking than strictly necessary. That means that someone could forge some
> bytecode file that would take control of the VM and then can call the whole
> C api. Tricky, but feasible.

I'm hoping that by compiling from source I'll avoid any bytecode
attacks.  Is there a way to generate faulty bytecode from a source
file?

Rich.

-- 
Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Team Notepad - intranets and extranets for business - http://team-notepad.com