[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Turing-incomplete Lua?
- From: Mike Ferenduros <mike@...>
- Date: Wed, 01 Dec 2004 21:36:16 +0000
Incidentally, is this for a particular application? Off the top of my
head, I can't think of anything that would use an untrusted config file.
An example would be sharing snippets of your emacs initialization file with
other people -- you see a lot of these floating around on the web, and some of
them are hundreds, or even thousands, of lines of Lisp code. It's not just
an issue of trust, it's also an issue of verifiability and reliability. For
instance, I don't want to make a change to my own sendmail config file that
would, without my intending it, cause sendmail to go into an infinite loop
under certain obscure conditions. I think your Quake example is also very
apropos.
Sorry to be a wet blanket, but I'm still having difficulty getting my
head around the concept of untrusted config files:
1) People have been passing binaries and snippets of code around in the
internet for a while now and that seems to work ok. I'd guess that
people would be just as suspicious of config files from an untrusted
source as they would executables. I certainly am.
2) Malicious config files can often render the host application unusable
anyway. I'm not very familiar with sendmail, but couldn't a malicious
config file do some pretty unpleasant stuff? At least hanging is an
immediately obvious symptom that something's wrong,
Could someone set me straight please?
