Replacing rexec

Moshe Zadka m at moshez.org
Thu Jul 17 15:14:02 CEST 2003


[Aahz]
> require forking the code.  Note that it's already too easy to write a
> DoS attack against Python: 100L**100**100 will do it.  Conversely, if
> only trusted code is going into the server, there's no need for rexec.

[John J. Lee]
> I don't see how it's possible to prevent that, whatever language
> you're using.

Limits on memory and CPU ticks used by untrusted code.
This brand new, cutting edge technology is not yet available, and 
LambdaMOO was, of course, a product of Guido misusing the time-machine.
Which doesn't exist itself, either.
-- 
Moshe Zadka -- http://moshez.org/
Buffy: I don't like you hanging out with someone that... short.
Riley: Yeah, a lot of young people nowadays are experimenting with shortness.
Agile Programming Language -- http://www.python.org/





More information about the Python-list mailing list