[langsec-discuss] Computational Power of Restricted Languages

D J Capelis mail at capelis.dj
Thu Nov 13 01:18:58 UTC 2014


On Wednesday, November 12, 2014, Andrew <munin at mimisbrunnr.net> wrote:
>
> For example, you could make a lambda calculus interpreter in OCaml and
> host it on the Internet. You could allow it to process arbitrary strings
> from any individual on the Internet. I am extremely confident that this
> would not produce any security problems for you beyond availability
> problems resulting from non-divergent programs. You can work around this
> by killing the interpreter after 10 minutes or something.



> This is where hackers say "oh but there could be bugs in ocamlyacc
> generated ML code that results in code exec" or "oh but you could have a
> CPU bug that I could get to by doing any computation" but I'm extremely
> skeptical.
>

This type of logic is *exactly* what leads people to happily put new weird
machines in places they shouldn't.

~djc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.langsec.org/pipermail/langsec-discuss/attachments/20141112/ecfebfd5/attachment.html>


More information about the langsec-discuss mailing list