[pypy-dev] Security ideas
holger krekel
hpk at trillke.net
Thu Jul 13 08:02:29 CEST 2006
Hi Armin,
On Wed, May 24, 2006 at 13:47 +0200, Armin Rigo wrote:
> On Monday I was at an inspiring seminar about (a specific form of)
> language-level security. I've collected the PyPy-ification of these
> ideas there:
>
> http://codespeak.net/svn/pypy/dist/pypy/doc/discussion/security-ideas.txt
IIUC, in this discussion you argue against a "Proxy-Object space" solution
because a code block may depend on a condition involving secret values.
In your alternative "annotator" suggestion, you give the following example:
    def enter_bid(n):
        if n > highest_bid.value:      # branch condition depends on a secret value
            highest_bid.value = n
    enter_bid = secure(enter_bid)      # annotator-checked version of the function
Here the annotator analysis is supposed to prevent a leak of information
from the secret value. But if the if-branch additionally contains:
num_bids += 1
don't you run into a branching/code-dependent-on-secret-condition
problem again? Would the annotator prevent the manipulation of
the global 'num_bids'? Would it need to be a public value?
Moreover, I have practical concerns: your proposed
scheme requires RPython annotator analysis, which implies
having the PyPy tool chain available and accessible at programming
time. Not impossible, but also not a use case that we went for
so far. Also it is not clear to which target "secure" would compile
functions, C or bytecode or ...?
best,
holger
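The implicit-flow problem raised above can be made concrete with a small static check. The following is an added illustration, not code from this thread or from PyPy's annotator: it walks the Python AST of the example, keeps a "program counter" label that becomes secret inside any branch whose condition reads a secret variable, and reports every write to a public variable that happens either from a secret-derived expression (explicit flow) or under a secret program counter (implicit flow). The names `highest_bid` and `num_bids` come from the mail; the set of secrets is an assumed input to the checker.

```python
import ast

# Constructed sample: Armin's enter_bid with Holger's extra num_bids += 1.
SAMPLE = '''def enter_bid(n):
    if n > highest_bid.value:
        highest_bid.value = n
        num_bids += 1
enter_bid = secure(enter_bid)
'''


def _root_name(node):
    """Strip attribute/subscript layers: highest_bid.value -> 'highest_bid'."""
    while isinstance(node, (ast.Attribute, ast.Subscript)):
        node = node.value
    return node.id if isinstance(node, ast.Name) else None


def _reads(node):
    """All variable names read anywhere inside an expression."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


class FlowChecker(ast.NodeVisitor):
    """Tracks a secret/public label for the enclosing branch conditions
    and records writes to public variables that would leak information."""

    def __init__(self, secrets):
        self.secrets = set(secrets)
        self.pc = []            # one bool per enclosing branch: True if its test is secret
        self.violations = []    # (lineno, kind, public variable written)

    def _pc_is_secret(self):
        return any(self.pc)

    def _branch(self, test, bodies):
        # The branch taken reveals the test, so everything inside inherits its label.
        self.pc.append(bool(_reads(test) & self.secrets))
        for body in bodies:
            for stmt in body:
                self.visit(stmt)
        self.pc.pop()

    def visit_If(self, node):
        self._branch(node.test, (node.body, node.orelse))

    def visit_While(self, node):
        self._branch(node.test, (node.body, node.orelse))

    def _write(self, target, value, lineno):
        name = _root_name(target)
        if name is None or name in self.secrets:
            return  # writing into a secret variable is allowed in this model
        if _reads(value) & self.secrets:
            self.violations.append((lineno, "explicit", name))
        elif self._pc_is_secret():
            self.violations.append((lineno, "implicit", name))

    def visit_Assign(self, node):
        for target in node.targets:
            self._write(target, node.value, node.lineno)

    def visit_AugAssign(self, node):
        self._write(node.target, node.value, node.lineno)


def check(source, secrets):
    """Return the list of information-flow violations found in `source`."""
    checker = FlowChecker(secrets)
    checker.visit(ast.parse(source))
    return checker.violations


if __name__ == "__main__":
    # With only highest_bid secret, the counter update is an implicit leak.
    print(check(SAMPLE, {"highest_bid"}))
    # Declaring num_bids secret as well removes the violation.
    print(check(SAMPLE, {"highest_bid", "num_bids"}))
```

Running `check(SAMPLE, {"highest_bid"})` reports `num_bids` on the line of `num_bids += 1` as an implicit flow: the counter is public, yet whether it changes depends on a comparison against the secret. Adding `num_bids` to the secret set makes the same code pass, which is exactly the "would it need to be a public value?" trade-off asked about above. A real annotator would also have to treat calls, loops and exceptions as branches, which this sketch omits.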