From: Thomas Fischbacher <Thomas.Fischbacher@Physik.Uni-Muenchen.DE>
To: Richard Jones <rich@annexia.org>
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] How to secure an OCaml server
Date: Sat, 28 Feb 2004 18:06:01 +0100 (CET) [thread overview]
Message-ID: <Pine.LNX.4.58.0402281805260.5837@seekar.cip.physik.uni-muenchen.de> (raw)
In-Reply-To: <20040228165400.GA24495@redhat.com>
On Sat, 28 Feb 2004, Richard Jones wrote:
> On Sun, Feb 29, 2004 at 01:44:10AM +0900, Yutaka OIWA wrote:
> > Unlike C and C++, Objective Caml has strong builtin protection for
> > array boundary overflow. You can expect that inputs which usually
> > cause arbitrary code execution (like viruses and worms) do not cause
> > such catastrophe, but only make your programs report runtime exception
> > and then halt.
>
> Remember the corollary of having safe arrays is that people can DoS
> your server by opening a socket and writing .. and writing .. and
> writing. It's always a good idea to either implement your own
> sensible maximums on the length of strings / arrays, or at least run
> your module with a BSD resource-style limit (setrlimit(2)).
Yes. Another interesting issue that frequently comes up in such situations
is provoking hash collisions.
--
regards, tf@cip.physik.uni-muenchen.de (o_
Thomas Fischbacher - http://www.cip.physik.uni-muenchen.de/~tf //\
(lambda (n) ((lambda (p q r) (p p q r)) (lambda (g x y) V_/_
(if (= x 0) y (g g (- x 1) (* x y)))) n 1)) (Debian GNU)
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
next prev parent reply other threads:[~2004-02-28 17:06 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-02-28 15:10 David MENTRE
2004-02-28 16:37 ` David MENTRE
2004-02-28 16:44 ` Yutaka OIWA
2004-02-28 16:54 ` Richard Jones
2004-02-28 17:06 ` Thomas Fischbacher [this message]
2004-02-28 19:29 ` Richard Jones
2004-02-28 19:41 ` David MENTRE
2004-02-28 20:20 ` Richard Jones
2004-02-28 20:28 ` Thomas Fischbacher
2004-02-28 20:29 ` Richard Jones
2004-02-28 20:38 ` Thomas Fischbacher
2004-02-28 20:24 ` Thomas Fischbacher
2004-02-28 21:04 ` David MENTRE
2004-02-28 23:16 ` Yamagata Yoriyuki
2004-02-28 23:49 ` Thomas Fischbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.58.0402281805260.5837@seekar.cip.physik.uni-muenchen.de \
--to=thomas.fischbacher@physik.uni-muenchen.de \
--cc=caml-list@inria.fr \
--cc=rich@annexia.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox