From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (from majordomo@localhost) by pauillac.inria.fr (8.7.6/8.7.3) id AAA08758; Sun, 29 Feb 2004 00:49:45 +0100 (MET) X-Authentication-Warning: pauillac.inria.fr: majordomo set sender to owner-caml-list@pauillac.inria.fr using -f Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id AAA19029 for ; Sun, 29 Feb 2004 00:49:43 +0100 (MET) Received: from mail.physik.uni-muenchen.de (mail.physik.uni-muenchen.de [192.54.42.129]) by nez-perce.inria.fr (8.12.10/8.12.10) with ESMTP id i1SNnnIq000511 for ; Sun, 29 Feb 2004 00:49:49 +0100 Received: from localhost (unknown [127.0.0.1]) by mail.physik.uni-muenchen.de (Postfix) with ESMTP id 7006E2022D; Sat, 28 Feb 2004 23:49:42 +0000 (UTC) Received: from mail.physik.uni-muenchen.de ([127.0.0.1]) by localhost (mail.physik.uni-muenchen.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 18149-01-94; Sun, 29 Feb 2004 00:49:40 +0100 (CET) Received: from mailhost.cip.physik.uni-muenchen.de (kaiser.cip.physik.uni-muenchen.de [141.84.136.1]) by mail.physik.uni-muenchen.de (Postfix) with ESMTP id 6B09F2028D; Sun, 29 Feb 2004 00:49:40 +0100 (CET) Received: from seekar.cip.physik.uni-muenchen.de (seekar.cip.physik.uni-muenchen.de [141.84.136.52]) by mailhost.cip.physik.uni-muenchen.de (Postfix) with ESMTP id 1F6418514F; Sun, 29 Feb 2004 00:49:40 +0100 (CET) Received: by seekar.cip.physik.uni-muenchen.de (Postfix, from userid 3092) id 17F2B79FD; Sun, 29 Feb 2004 00:49:40 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by seekar.cip.physik.uni-muenchen.de (Postfix) with ESMTP id 1599679FC; Sun, 29 Feb 2004 00:49:40 +0100 (CET) Date: Sun, 29 Feb 2004 00:49:40 +0100 (CET) From: Thomas Fischbacher To: Yamagata Yoriyuki Cc: oiwa@yl.is.s.u-tokyo.ac.jp, caml-list@inria.fr Subject: Re: [Caml-list] How to secure an OCaml server In-Reply-To: <20040229.081651.39150923.yoriyuki@mbg.ocn.ne.jp> Message-ID: References: <87llmnme9b.fsf@linux-france.org> <20040229.081651.39150923.yoriyuki@mbg.ocn.ne.jp> X-BOFH: Daemons did it MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at physik.uni-muenchen.de X-Miltered: at nez-perce by Joe's j-chkmail ("http://j-chkmail.ensmp.fr")! X-Loop: caml-list@inria.fr X-Spam: no; 0.00; physik:01 caml-list:01 yamagata:01 yoriyuki:01 yutaka:01 oiwa:01 oiwa:01 u-tokyo:01 caml-list:01 2004:99 high-level:01 dangling:01 pointers:01 relaying:99 blowfish:01 Sender: owner-caml-list@pauillac.inria.fr Precedence: bulk On Sun, 29 Feb 2004, Yamagata Yoriyuki wrote: > From: Yutaka OIWA > Subject: Re: [Caml-list] How to secure an OCaml server > Date: Sun, 29 Feb 2004 01:44:10 +0900 > > > The garbage collection helps this style of programming, since with > > GC you can use those high-level data structures without fearing > > about memory leakage or dangling pointers. > > On the other hand, relaying GC means data reside in the memory for > unpredictable amount of time, and may swap out to the disk. In case we are talking about linux, may I recommend using cryptoapi to encrypt the swapspace (you can do a losetup -e blowfish /dev/loop7 swapfile; mkswap /dev/loop7; swapon /dev/loop7 at every boot - getting losetup to use a random string may perhaps need a bit of patching...)? What is swap good for nowadays that machines have RAM close to the 4 GB boundary anyway? I suppose it is mostly used just to slow the machine down enough so that root can react and kill processes by hand if some task goes haywire. Hence, encrypting swap will even help to slightly improve this. ;-> -- regards, tf@cip.physik.uni-muenchen.de (o_ Thomas Fischbacher - http://www.cip.physik.uni-muenchen.de/~tf //\ (lambda (n) ((lambda (p q r) (p p q r)) (lambda (g x y) V_/_ (if (= x 0) y (g g (- x 1) (* x y)))) n 1)) (Debian GNU) ------------------- To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/ Beginner's list: http://groups.yahoo.com/group/ocaml_beginners