[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: [PATCH] 'data' mode for loadfile
- From: Jay Carlson <nop@...>
- Date: Wed, 19 Mar 2014 10:23:16 -0400
On Mar 17, 2014, at 3:34 PM, steve donovan <email@example.com> wrote:
> On Mon, Mar 17, 2014 at 8:41 PM, Thijs Schreijer
> <firstname.lastname@example.org> wrote:
>> Solutions are nice, but is there some list of potential problems? What I mean is; what should I consider to protect against when sandboxing?
> But the Billion Laughs attack, that's a nasty one. The problem with
> dynamic solutions (restricting memory, restricting instruction count)
> is that they are going to slow Lua down, which is an issue with
> reading big data files.
If you don't care if the result of large/malicious output is abnormal termination--and everybody who writes "#define malloc(x) assert(malloc(x))" doesn't--alarm(3) and setitimer(2) are pretty cheap. A problem with using timers as a proxy for "you're paging too much" is indeterminacy of environment; it may not be the fault (heh heh) of the process which had to wait for liblua to get paged back in.