Re: Python from Wise Guy's Viewpoint

From: Pascal Costanza (costanza_at_web.de)
Date: 10/27/03


Date: Mon, 27 Oct 2003 20:07:48 +0100

Alexander Schmolck wrote:

> Pascal Costanza <costanza@web.de> writes:
>
>
>>>>What's the problem?!?
>>>
>>>Maybe something like this?
>>> (* 10000000000000000000000000000000000000000000000000000000
>>> 10000000000000000000000000000000000000000000000 etc.)
>>
>>I don't get the point.
>
>
> Sorry for being unclear. I was just asking whether something along the lines
> of your safe eval wouldn't still be vulnerable to a DoS attack.

Welcome to Macintosh Common Lisp Version 5.0!
? (defun fac (x)
     (if (= x 0) 1
         (* x (fac (- x 1)))))
fac
? (fac 100000)
> Error: Stack overflow on control stack.
> To globally increase stack space,
> increase *minimum-stack-overflow-size*
> While executing: "Unknown"
> Type Command-/ to continue, Command-. to abort.
> If continued: Continue with a larger stack
See the Restarts… menu item for further choices.
1 >

...now add an exception handler around calls to myeval that handles
stack overflow, and don't allow the user code access to functions and
variables that can manipulate these settings. (With an appropriate
exception handler, the user wouldn't see the error as printed above and
wouldn't be able to issue the possible restarts.)

I know this doesn't completely answer your question, but it might give
you a clue about what is possible in modern Common Lisp implementations,
and how one could approach these things.

Pascal
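
Added example, not part of the original post: one way to wrap an evaluator in the kind of handler described above. myeval is not shown on this page, so a small whitelist evaluator stands in for it here (hypothetical, as is guarded-eval). It assumes the implementation signals stack exhaustion as a subtype of the standard STORAGE-CONDITION, which is implementation-dependent.

```lisp
;; Added example. MYEVAL is a hypothetical stand-in; the original is not shown.

(defparameter *allowed-operators* '(+ - * = < fac)
  "Functions user code may call. None of them can change stack limits,
handlers or restarts.")

(defun fac (x)
  (if (= x 0) 1 (* x (fac (- x 1)))))

(defun myeval (form)
  "Evaluate FORM, permitting only integers, IF and whitelisted functions."
  (cond ((integerp form) form)
        ((and (consp form) (eq (first form) 'if))
         (if (myeval (second form))
             (myeval (third form))
             (myeval (fourth form))))
        ((and (consp form) (member (first form) *allowed-operators*))
         (apply (first form) (mapcar #'myeval (rest form))))
        (t (error "Form not permitted: ~S" form))))

(defun guarded-eval (form)
  "Return (values result :ok) on success, else (values nil reason).
The caller never lands in the debugger and is never offered restarts."
  (handler-case (values (myeval form) :ok)
    ;; Assumption: stack exhaustion arrives as a STORAGE-CONDITION. That type
    ;; is a SERIOUS-CONDITION but not an ERROR, so an ERROR clause alone
    ;; would let it through to the debugger.
    ;; HANDLER-CASE unwinds before running the clause, so the clause itself
    ;; has stack to work with.
    (storage-condition () (values nil :resource-exhausted))
    (error (c) (values nil (princ-to-string c)))))

;; Constructed sample inputs:
(guarded-eval '(fac 10))                       ; whitelisted call
(guarded-eval '(fac 100000))                   ; deep recursion, as in the transcript
(guarded-eval '(setf *allowed-operators* nil)) ; not whitelisted, rejected by MYEVAL
```

This guard covers stack depth only. It does not bound running time or heap use, so a very large bignum multiplication like the one quoted at the top of the message is not limited by it.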


