[langsec-discuss] Computational Power of Restricted Languages
D J Capelis
mail at capelis.dj
Thu Nov 13 01:18:58 UTC 2014
On Wednesday, November 12, 2014, Andrew <munin at mimisbrunnr.net> wrote:
> For example, you could make a lambda calculus interpreter in OCaml and
> host it on the Internet. You could allow it to process arbitrary strings
> from any individual on the Internet. I am extremely confident that this
> would not produce any security problems for you beyond availability
> problems resulting from non-divergent programs. You can work around this
> by killing the interpreter after 10 minutes or something.
> This is where hackers say "oh but there could be bugs in ocamlyacc
> generated ML code that results in code exec" or "oh but you could have a
> CPU bug that I could get to by doing any computation" but I'm extremely
This type of logic is *exactly* what leads people to happily put new weird
machines in places they shouldn't.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the langsec-discuss