[pypy-dev] Security ideas
holger krekel
hpk at trillke.net
Tue Jul 18 08:34:21 CEST 2006
Hi Armin,
On Mon, Jul 17, 2006 at 20:02 +0200, Armin Rigo wrote:
> On Thu, Jul 13, 2006 at 08:02:29AM +0200, holger krekel wrote:
> > def enter_bid(n):
> > if n > highest_bid.value:
> > highest_bid.value = n
> > enter_bid = secure(enter_bid)
> >
> > Here the annotator analysis is supposed to prevent a leak of information
> > from the secret value. But if the if-branch additionally contains:
> >
> > num_bids += 1
> >
> > don't you run into a branching/code-dependent-on-secret-condition
> > problem again? Would the annotator prevent the manipulation of
> > the global 'num_bids'? Would it need to be a public value?
>
> You can't modify global values in RPython anyway. But more generally,
> yes, the annotator would follow all mutations and propagate security
> levels.
Hum, sorry for having asked too many questions at once. Obviously,
i could have said "whatever.num_bids +=1".
Anyway, it seems that we cannot avoid the "dependent code block" issue
but you consider the annotator more suited than an object space
to deal with it, right?
Also, from your answers i gather that your focus is more on
getting something at-or-beyond-state-of-the-art first rather
than to provide something directly practical. Probably makes
sense.
best,
holger
More information about the Pypy-dev
mailing list