- Subject: Re: Interning strings considered harmful (somewhat)
- From: Florian Weimer <fw@...>
- Date: Wed, 04 Nov 2009 17:48:31 +0100
* Matthew P. Del Buono:
> Florian Weimer wrote:
>> * Roberto Ierusalimschy:
>>> Excluding malware, I do not think this situation happens enough to
>>> justify any worry.
>> I know the argument: anybody who wants to take out your web server can
>> just flood it with 5 Gbps of traffic (or more if necessary).
> I think you already have an issue if you're being flooded like that
Well, the idea behind that argument is that those attacks are readily
available, so you don't have to guard against anything. I don't
really buy it.
>> Would an uninterned string type introduce too many additional code
>> paths in the VM?
> Why make a change to the VM? Why can't you just do it yourself?
Because I'd lose interoperability.
> Following the above logic, we can implement uninterned strings trivially
> as userdata. An __eq metamethod can be provided which passes off
> execution to strcmp (additional work may be necessary to handle strings
> with zeros). We would use this userdata only for "insecure" strings,
> that is, strings that the remote user can influence. If we need to test
> between interned strings and our userdata, the userdata could provide a
> method through __index that allows for comparison against a string.
If I want to use some existing code, I need to convert the data to
a real string, which exposes my code to interning. The VM can present
the uninterned string as a regular string to C routines, for instance.
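
The wrapper approach discussed in this message, sketched as an added example that is not code from the thread or from the Lua project. It assumes a plain table of byte values standing in for the userdata buffer (real userdata needs C), and the names `Unsafe`, `from_bytes`, `equals` and `to_lua_string` are hypothetical.

```lua
-- Added illustration. A table of byte values stands in for the userdata
-- buffer, so remote-controlled data is not stored as a Lua string.
local Unsafe = {}
Unsafe.__index = Unsafe

-- Build from byte values, e.g. as handed over by a C reader.
function Unsafe.from_bytes(bytes)
  local self = { n = #bytes }
  for i = 1, #bytes do self[i] = bytes[i] end
  return setmetatable(self, Unsafe)
end

-- __eq is consulted only when both operands are wrapper objects.
-- Comparing by explicit length handles embedded zeros, unlike strcmp.
function Unsafe.__eq(a, b)
  if a.n ~= b.n then return false end
  for i = 1, a.n do
    if a[i] ~= b[i] then return false end
  end
  return true
end

-- Comparison against an ordinary (interned) string, reached through
-- __index, because `s == obj` never calls __eq when the types differ.
function Unsafe:equals(s)
  if type(s) ~= "string" or #s ~= self.n then return false end
  for i = 1, self.n do
    if s:byte(i) ~= self[i] then return false end
  end
  return true
end

-- The interoperability cost: code that expects a real string forces
-- this conversion, and the resulting string is interned by the VM.
function Unsafe:to_lua_string()
  local parts = {}
  for i = 1, self.n do parts[i] = string.char(self[i]) end
  return table.concat(parts)
end

-- Constructed sample input: the bytes of "a\0b".
local x = Unsafe.from_bytes({ 97, 0, 98 })
local y = Unsafe.from_bytes({ 97, 0, 98 })
assert(x == y)                        -- __eq metamethod
assert(x:equals("a\0b"))              -- explicit method for real strings
assert(not x:equals("a"))             -- strcmp would treat these as equal
assert("a\0b" ~= x)                   -- mixed types: __eq is not consulted
assert(x:to_lua_string() == "a\0b")   -- conversion yields an interned string
```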