On Fri, Apr 4, 2014 at 11:17 AM, Raoul Duke <[email protected]> wrote:
> hmm, security is a large topic. denial of resources like hogging the > cpu can matter. yes the "system" should handle that better, but it > probably doesn't. :-} so if i can sneakritly compile an infinite tight > loop and execute it, that probably sucks. Yes. But I could have done that with normally compiled code. It's not a *new* issue that is introduced by runtime compilation. There is a *slightly* new issue here, in that the static code may be found (in some cases) by inspection where the dynamic code might not. Except that this turns out not to be that big a difference after all, because it's pretty easy to slip things past reviewers in static code. Easier in dynamic code? Yes. Enough so that we should view this as a marginal risk? In my opinion, "no". shap
_______________________________________________ bitc-dev mailing list [email protected] http://www.coyotos.org/mailman/listinfo/bitc-dev
