[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure evaluation

From: David Allouche
Subject: Re: Secure evaluation
Date: Tue, 15 Jul 2003 10:01:05 +0200
User-agent: Mutt/1.5.4i

On Mon, Jul 14, 2003 at 11:43:46AM -0400, Paul Jarc wrote:
> David Allouche <address@hidden> wrote:
> > But maybe I am misunderstanding how SET! interacts with modules (I
> > have not tested) and maybe it is not possible to modify another module
> > by SET!ing an imported binding.
> It is not possible with set!, but it is possible with module-set!.
> Compound objects can also be modified with set-cdr!, etc., regardless
> of which module the object comes from.

So untrusted code must not be allowed to use code which has global and
publicly modifiable state (yuck!). And probably even indirectly
modifiable state, too.

So maybe all state should be completely private. Besides, it's
probably a better design almost every time.

PS [OT]: I just figured out that you can use file reading from
untrusted code to effect trusted code, in the case where the file
being read actually is a pipe. Thus, pipes must be open with exclusive
access (hoping I am not saying something stupid).

                                                            -- ddaa

reply via email to

[Prev in Thread] Current Thread [Next in Thread]