From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (from majordomo@localhost) by pauillac.inria.fr (8.7.6/8.7.3) id SAA03376; Sat, 28 Feb 2004 18:06:06 +0100 (MET) X-Authentication-Warning: pauillac.inria.fr: majordomo set sender to owner-caml-list@pauillac.inria.fr using -f Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id SAA04587 for ; Sat, 28 Feb 2004 18:06:05 +0100 (MET) Received: from mail.physik.uni-muenchen.de (mail.physik.uni-muenchen.de [192.54.42.129]) by nez-perce.inria.fr (8.12.10/8.12.10) with ESMTP id i1SH6AIq014098 for ; Sat, 28 Feb 2004 18:06:10 +0100 Received: from localhost (unknown [127.0.0.1]) by mail.physik.uni-muenchen.de (Postfix) with ESMTP id 028B620011; Sat, 28 Feb 2004 17:06:04 +0000 (UTC) Received: from mail.physik.uni-muenchen.de ([127.0.0.1]) by localhost (mail.physik.uni-muenchen.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 25808-01-22; Sat, 28 Feb 2004 18:06:02 +0100 (CET) Received: from mailhost.cip.physik.uni-muenchen.de (kaiser.cip.physik.uni-muenchen.de [141.84.136.1]) by mail.physik.uni-muenchen.de (Postfix) with ESMTP id 13B8B201DB; Sat, 28 Feb 2004 18:06:02 +0100 (CET) Received: from seekar.cip.physik.uni-muenchen.de (seekar.cip.physik.uni-muenchen.de [141.84.136.52]) by mailhost.cip.physik.uni-muenchen.de (Postfix) with ESMTP id EA7458514F; Sat, 28 Feb 2004 18:06:01 +0100 (CET) Received: by seekar.cip.physik.uni-muenchen.de (Postfix, from userid 3092) id E092279FD; Sat, 28 Feb 2004 18:06:01 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by seekar.cip.physik.uni-muenchen.de (Postfix) with ESMTP id DE37079FC; Sat, 28 Feb 2004 18:06:01 +0100 (CET) Date: Sat, 28 Feb 2004 18:06:01 +0100 (CET) From: Thomas Fischbacher To: Richard Jones Cc: caml-list@inria.fr Subject: Re: [Caml-list] How to secure an OCaml server In-Reply-To: <20040228165400.GA24495@redhat.com> Message-ID: References: <87llmnme9b.fsf@linux-france.org> <20040228165400.GA24495@redhat.com> X-BOFH: Daemons did it MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at physik.uni-muenchen.de X-Miltered: at nez-perce by Joe's j-chkmail ("http://j-chkmail.ensmp.fr")! X-Loop: caml-list@inria.fr X-Spam: no; 0.00; physik:01 caml-list:01 2004:99 0900,:01 yutaka:01 oiwa:01 catastrophe:01 runtime:01 hash:01 cip:99 physik:01 cip:99 arrays:01 arrays:01 ocaml:01 Sender: owner-caml-list@pauillac.inria.fr Precedence: bulk On Sat, 28 Feb 2004, Richard Jones wrote: > On Sun, Feb 29, 2004 at 01:44:10AM +0900, Yutaka OIWA wrote: > > Unlike C and C++, Objective Caml has strong builtin protection for > > array boundary overflow. You can expect that inputs which usually > > cause arbitrary code execution (like viruses and worms) do not cause > > such catastrophe, but only make your programs report runtime exception > > and then halt. > > Remember the corollary of having safe arrays is that people can DoS > your server by opening a socket and writing .. and writing .. and > writing. It's always a good idea to either implement your own > sensible maximums on the length of strings / arrays, or at least run > your module with a BSD resource-style limit (setrlimit(2)). Yes. Another interesting issue that frequently comes up in such situations is provoking hash collisions. -- regards, tf@cip.physik.uni-muenchen.de (o_ Thomas Fischbacher - http://www.cip.physik.uni-muenchen.de/~tf //\ (lambda (n) ((lambda (p q r) (p p q r)) (lambda (g x y) V_/_ (if (= x 0) y (g g (- x 1) (* x y)))) n 1)) (Debian GNU) ------------------- To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/ Beginner's list: http://groups.yahoo.com/group/ocaml_beginners