A few minutes ago, Sam Tobin-Hochstadt wrote:
> On Mon, Aug 19, 2013 at 4:34 PM, Matthew Flatt <mfl...@cs.utah.edu> wrote:
> >
> > Is there a situation where allowing an arbitrary file- or
> > directory-existence test would be bad?
>
> This all depends on how paranoid we want to be. There are certainly
> situations when this will be bad -- it lets you determine who else
> has an account on a computer, for example. But there are contexts
> where having GC be observable is a security hole as well, so we have
> to pick a spot on the continuum.
Getting some hacker-useful information from an observable GC time is
much harder than doing so from FS existence tests. Two quick
examples:
* On a unix machine, check if there's a /tmp/shadow file -- if there
isn't then you have a machine that is a potential gold mine for
hackers.
* On a windows machine you can use some network drive or a drive of
some random device for a kind of a local DOS attack.
(There's probably a lot of similar things that are much more
sophisticated; probe attacks in general are very common now.)
--
((lambda (x) (x x)) (lambda (x) (x x))) Eli Barzilay:
http://barzilay.org/ Maze is Life!
_________________________
Racket Developers list:
http://lists.racket-lang.org/dev
