Replacing rexec
Jack Diederich
jack at performancedrivers.com
Thu Jul 17 11:20:50 EDT 2003
On Thu, Jul 17, 2003 at 01:14:02PM -0000, Moshe Zadka wrote:
> [Aahz]
> > require forking the code. Note that it's already too easy to write a
> > DoS attack against Python: 100L**100**100 will do it. Conversely, if
> > only trusted code is going into the server, there's no need for rexec.
>
> [John J. Lee]
> > I don't see how it's possible to prevent that, whatever language
> > you're using.
>
> Limits on memory and CPU ticks used by untrusted code.
> This brand new, cutting edge technology is not yet available, and
> LambdaMOO was, of course, a product of Guido misusing the time-machine.
> Which doesn't exist itself, either.
MUD interpreters [I only know the LPC interpreter first hand] were designed
for this from the ground up. A single operation couldn't spin the CPU
forever or consume a world's worth of memory. They did this badly.
It wasn't possible to crash a MUD but you could bring one to its knees by
using LIMIT-1 of every resource every bump. MUDs also have an advantage
because the people writing code are hand picked. They have a stake in doing
the right thing so they rarely write malicious code.
-jack
More information about the Python-list
mailing list