From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@yquem.inria.fr Delivered-To: caml-list@yquem.inria.fr Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by yquem.inria.fr (Postfix) with ESMTP id EEE37BB9A for ; Thu, 6 Oct 2005 01:20:33 +0200 (CEST) Received: from pauillac.inria.fr (pauillac.inria.fr [128.93.11.35]) by nez-perce.inria.fr (8.13.0/8.13.0) with ESMTP id j95NKXPx002671 for ; Thu, 6 Oct 2005 01:20:33 +0200 Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id BAA32460 for ; Thu, 6 Oct 2005 01:20:33 +0200 (MET DST) Received: from yavin.stwing.upenn.edu (YAVIN.STWING.upenn.edu [165.123.132.64]) by concorde.inria.fr (8.13.0/8.13.0) with ESMTP id j95NKVRv027446 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Thu, 6 Oct 2005 01:20:32 +0200 Received: from localhost (localhost [127.0.0.1]) by yavin.stwing.upenn.edu (Postfix) with ESMTP id E8C9AA47 for ; Wed, 5 Oct 2005 19:20:30 -0400 (EDT) Received: from yavin.stwing.upenn.edu ([127.0.0.1]) by localhost (yavin.stwing.upenn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04681-08 for ; Wed, 5 Oct 2005 19:20:30 -0400 (EDT) Received: from coruscant.stwing.upenn.edu (FORCE.STWING.UPENN.EDU [165.123.132.62]) by yavin.stwing.upenn.edu (Postfix) with ESMTP id AFB09759 for ; Wed, 5 Oct 2005 19:20:30 -0400 (EDT) Received: by coruscant.stwing.upenn.edu (Postfix, from userid 5302) id 563C9E517; Wed, 5 Oct 2005 19:20:30 -0400 (EDT) Date: Wed, 5 Oct 2005 19:20:29 -0400 From: William Lovas To: caml-list@inria.fr Subject: Re: FP/IP and performance (in general) and Patterns... (Re: [Caml-list] Avoiding shared data) Message-ID: <20051005232029.GA4975@coruscant.stwing.upenn.edu> Mail-Followup-To: caml-list@inria.fr References: <20051005134552.GA1042@first.in-berlin.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20051005134552.GA1042@first.in-berlin.de> User-Agent: Mutt/1.5.6i X-Virus-Scanned: amavisd-new at stwing.upenn.edu X-Miltered: at nez-perce with ID 43445FC1.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Miltered: at concorde with ID 43445FBF.001 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Spam: no; 0.00; lovas:01 wlovas:01 stwing:01 upenn:01 caml-list:01 avoiding:01 oliver:01 bandel:01 ocaml's:01 printf:01 o'caml:01 printf:01 o'caml:01 cheers:01 ...:98 X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on yquem.inria.fr X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled version=3.0.3 On Wed, Oct 05, 2005 at 03:45:52PM +0200, Oliver Bandel wrote: > So, the typical "out of bounds" and "format string" problems > are typical security risks. > (Btw: is OCaml's format-string stuff from the Printf-module save in > this respect?!) As far as i understand the "format string" bugs, they arise when a programmer writes a call to printf whose first argument comes from user input. In O'Caml the various *printf functions require their first argument to have type "('a, 'b, 'c) format", for some values of 'a, 'b, and 'c. As far as i can tell there's no way to produce a value of this type from user input, so O'Caml should be safe. In fact, there might even be a better reason O'Caml is safe, like that it doesn't automatically keep looking for arguments until it runs out of %expandos, but rather it just produces a closure that can be applied to more arguments later. But this is just a guess, based on a quick 5-minute perusal of the O'Caml standard library. cheers, William