Lorito bytcode security vs jittability
jaleto at gmail.com
Thu Mar 11 23:57:23 UTC 2010
> As another example, say we want to restrict access in a sandbox to a
> handfull of objects. If Lorito permits pointer arithmetic, it could
> become very tricky to guess where things will wind up pointing.
> Both of these examples leave us in a bad situation: either permit
> possibly unsafe operations, or explain to users what hoops they have
> to jump through to get their bytecode to validate as safe.
I am very interested in making our security layer as robust as
possible. Would the problems that you describe be mitigated by having
runloops that have certain opcodes removed? That way, if some funny
business happens via a security hole, the worst a malicious attacker
could do is generate a missing opcode error, instead of possibly
running arbitrary code.
Jonathan "Duke" Leto
jonathan at leto.net
More information about the parrot-dev