On Wednesday, November 12, 2014, Andrew <mu...@mimisbrunnr.net> wrote:

> For example, you could make a lambda calculus interpreter in OCaml and
> host it on the Internet. You could allow it to process arbitrary strings
> from any individual on the Internet. I am extremely confident that this
> would not produce any security problems for you beyond availability
> problems resulting from non-divergent programs. You can work around this
> by killing the interpreter after 10 minutes or something.
>
> This is where hackers say "oh but there could be bugs in ocamlyacc
> generated ML code that results in code exec" or "oh but you could have a
> CPU bug that I could get to by doing any computation" but I'm extremely
> skeptical.

This type of logic is *exactly* what leads people to happily put new weird machines in places they shouldn't.

~djc
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss