Re: Security
- From: Barry Margolin <barmar@xxxxxxxxxxxx>
- Date: Thu, 31 Jan 2008 02:09:38 -0500
In article
<a7cb8954-c53a-4f06-9566-652a9e6ea360@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Steve-o <stknig@xxxxxxxxxxxxxx> wrote:
Does anyone have any specific pointers on how to write more secure
code in Common Lisp? For instance, with C/C++ programs you have to
be careful not to allow buffer overrun's to occur. But I can't see
how this could be a problem in Lisp.
Unless you set optimization parameters, which might disable array bounds
checking.
So, is there an equivalent type of problem with Lisp? The only
thing I can think of is to be careful of code-injection type problems
where evaluating s-expressions from an untrusted source could be
harmful. But that's pretty obvious.
Less obvious is that this can happen simply due to calling READ, because
of '#.'. So you need to set *READ-EVAL* to NIL.
Are there a set of hard-won rules-of-thumb to help avoid specific
security issues?
Thanks for any info!
Steve
--
Barry Margolin, barmar@xxxxxxxxxxxx
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
.
- References:
- Security
- From: Steve-o
- Security
- Prev by Date: Security
- Next by Date: questions: how to load a file "inlined" inside a let, and how to reference count objects
- Previous by thread: Security
- Next by thread: Re: Security
- Index(es):
Relevant Pages
|
