guile-devel

Re: Psyntax security hole prevents secure sandboxing in Guile


From: Noah Lavine
Subject: Re: Psyntax security hole prevents secure sandboxing in Guile
Date: Mon, 7 May 2012 14:25:52 -0400

> Can you think of anything else that would need to be fixed, besides this
> problem with forgeable syntax-objects?

It depends on how much of a sandbox you're thinking of, but I'd like to
make sure that the untrusted code didn't go into an infinite loop,
which means either putting it in a separate process or having a timer
that would stop it after a deadline. Also you'd have to make sure that
you didn't run any procedure returned by the untrusted code, for the
same reason.

Also, what if the untrusted code allocated a lot of memory? I suppose
you could depend on that all being garbage-collected after it
finished, but you'd have to be prepared to handle out-of-memory errors
while it was running.

It might be easiest to just put it in a separate process, although
that would make communication harder.

Noah
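The deadline-timer and memory-budget approach discussed above, as an added example that is not code from the thread; it assumes Guile 2.2 or later, whose (ice-9 sandbox) module provides call-with-time-limit and call-with-allocation-limit, and the wrapper name run-untrusted is hypothetical:

```scheme
;; Added example, not from the thread. Assumes Guile 2.2+ with (ice-9 sandbox).
(use-modules (ice-9 sandbox))

;; Run THUNK (the untrusted computation) under a wall-clock deadline and an
;; allocation budget, and never hand a procedure it returned back to the caller.
(define* (run-untrusted thunk #:key (seconds 0.5) (bytes 10000000))
  (define result
    (call-with-time-limit seconds
      (lambda ()
        (call-with-allocation-limit bytes
          thunk
          ;; Called when the allocation budget is exhausted.
          (lambda () '(error . allocation-limit))))
      ;; Called when the wall-clock deadline passes.
      (lambda () '(error . time-limit))))
  ;; A closure returned by untrusted code would run outside the limits when
  ;; applied later, so refuse to return it; only plain data gets through.
  (if (procedure? result)
      '(error . returned-procedure)
      result))

;; A benign computation: its value is returned as-is.
(run-untrusted (lambda () (+ 1 2)))

;; An infinite loop: the timer cancels it and the time-limit handler runs.
(run-untrusted (lambda () (let lp () (lp))))

;; Unbounded allocation: the allocation budget cancels it before the
;; process itself runs out of memory.
(run-untrusted (lambda () (let lp ((l '())) (lp (cons 1 l)))))

;; A returned closure is rejected rather than handed to the caller.
(run-untrusted (lambda () (lambda () 'later)))
```

The limits are cooperative (they rely on Guile's async interrupts), so they do not help against C code called by the untrusted program; a separate process remains the stronger boundary.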


