On Tue, May 27, 2014 at 08:31:39PM +0200, Sven Kieske wrote: > It's nice you mention this filter. > > I may add that this is also used by the command line tool "tc" > which in turn is used by e.g. libvirt and many more tools > to accomplish traffic control (quality of service) on many modern > network devices and cloud platforms.
Cool, that one is new to me. > PS: I got a question regarding languages which do just allow a limited > number of recursions or loops within one given program: > > Could this feature not be easily bypassed if I can store > intermediary results e.g. in a file and just re-run the code > with these results as an input, again and again? If the "load" operation is a procedure call, that would count as a procedure call, eventually resulting in depletion of allotted resources. In a language which is implemented in terms of explicit continuations, every invocation of a continuation could decrease the amount of available "fuel" to run the program, eventually getting terminated, no matter what you do. In languages without explicit continuations (or instruction pipeline?), but with a baroque set of control flow operators you'd probably have to ensure that you build this notion into every such operator. The CHICKEN Scheme system has an extension library which does something like this. (more concretely: it relies on the implicit continuations generated by the interpreter and hooks into that, rather than performing its own CPS transformation). That's the "sandbox" egg: http://wiki.call-cc.org/eggref/4/sandbox Please note that this egg has never been the subject of a serious review of its security attributes, so there are likely to be flaws in it, but it's a nice proof of concept. Cheers, Peter -- http://www.more-magic.net _______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
