From: Richard Jones <rich@annexia.org>
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] How to secure an OCaml server
Date: Sat, 28 Feb 2004 16:54:00 +0000 [thread overview]
Message-ID: <20040228165400.GA24495@redhat.com> (raw)
In-Reply-To: <vfioerj9msl.fsf@tuba.is.s.u-tokyo.ac.jp>
On Sun, Feb 29, 2004 at 01:44:10AM +0900, Yutaka OIWA wrote:
> Unlike C and C++, Objective Caml has strong builtin protection for
> array boundary overflow. You can expect that inputs which usually
> cause arbitrary code execution (like viruses and worms) do not cause
> such catastrophe, but only make your programs report runtime exception
> and then halt.
Remember the corollary of having safe arrays is that people can DoS
your server by opening a socket and writing .. and writing .. and
writing. It's always a good idea to either implement your own
sensible maximums on the length of strings / arrays, or at least run
your module with a BSD resource-style limit (setrlimit(2)).
Rich.
--
Richard Jones. http://www.annexia.org/ http://www.j-london.com/
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
http://www.YouUnlimited.co.uk/ - management courses
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
next prev parent reply other threads:[~2004-02-28 16:54 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-02-28 15:10 David MENTRE
2004-02-28 16:37 ` David MENTRE
2004-02-28 16:44 ` Yutaka OIWA
2004-02-28 16:54 ` Richard Jones [this message]
2004-02-28 17:06 ` Thomas Fischbacher
2004-02-28 19:29 ` Richard Jones
2004-02-28 19:41 ` David MENTRE
2004-02-28 20:20 ` Richard Jones
2004-02-28 20:28 ` Thomas Fischbacher
2004-02-28 20:29 ` Richard Jones
2004-02-28 20:38 ` Thomas Fischbacher
2004-02-28 20:24 ` Thomas Fischbacher
2004-02-28 21:04 ` David MENTRE
2004-02-28 23:16 ` Yamagata Yoriyuki
2004-02-28 23:49 ` Thomas Fischbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040228165400.GA24495@redhat.com \
--to=rich@annexia.org \
--cc=caml-list@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox