Replacing rexec

Jack Diederich jack at performancedrivers.com
Thu Jul 17 17:20:50 CEST 2003


On Thu, Jul 17, 2003 at 01:14:02PM -0000, Moshe Zadka wrote:
> [Aahz]
> > require forking the code.  Note that it's already too easy to write a
> > DoS attack against Python: 100L**100**100 will do it.  Conversely, if
> > only trusted code is going into the server, there's no need for rexec.
> 
> [John J. Lee]
> > I don't see how it's possible to prevent that, whatever language
> > you're using.
> 
> Limits on memory and CPU ticks used by untrusted code.
> This brand new, cutting edge technology is not yet available, and 
> LambdaMOO was, of course, a product of Guido misusing the time-machine.
> Which doesn't exist itself, either.

MUD interpreters [I only know the LPC interpreter first hand] were designed
for this from the ground up.  A single operation couldn't spin the CPU
forever or consume a world's worth of memory.  They did this badly.
It wasn't possible to crash a MUD but you could bring one to its knees by
using LIMIT-1 of every resource every bump.  MUDs also have an advantage
because the people writing code are hand picked.  They have a stake in doing
the right thing so they rarely write malicious code.

-jack





More information about the Python-list mailing list