I would go one step further and say that homoiconicity actually is an 
improvement. There are a dozen ways to shell out in Ruby. The syntax is more 
complex on a number of fronts. Cleansing user input in Clojure is simpler. 
Clojure's regularity makes it much simpler to cleanse.

In addition: the JVM is not without its security vulnerabilities, but 
sandboxing on the JVM vs Ruby (for instance) is a completely different animal. 
See clojail and other Clojure sandboxing efforts. Compare with other languages.

I ran hundreds of thousands, maybe even millions at this point, of 
s-expressions I found while parsing the logs of the Clojure IRC channel in a 
sandbox without fear (http://GetClojure.org). It's surprising how simple it is 
to tune out potentially naughty user behavior. There were many clever attempts 
at breaking out of the box, but they had no chance against a properly 
constructed whitelist and Java security policy.

I've even run them without some of the safety nets in a VM and monitored 
network, I/O, and potential DoS vectors. With a very simple sanitizer you can 
stop a sizable portion of mischievous behavior.

I don't want to downplay what you're saying. We should pay attention to this 
kind of thing. Right now though I would be more concerned about deploy target 
and VM security issues than reading clever user input. Other languages provide 
excess amounts of syntax that make it difficult to know everything that ought 
to be sanitized. Clojure makes it rather simple IMO. "(" => "" goes a long way.

2c,
'(Devin Walters)

> On Jan 22, 2014, at 0:14, John Wiseman <jjwise...@gmail.com> wrote:
> 
> I don't think homoiconicity is the issue, except in a very indirect way.
> 
> Note that Common Lisp does have a rather annoying, insecure default that did 
> allow the kind of attack you're talking about:  *read-eval* defaults to T, 
> which enables the #. reader macro, which can be used to execute code when 
> reading input.  This could have been bad news at a nuclear weapons lab.
> 
> But note that code written in Ruby, PHP, Perl and just about every language 
> has had basically the exact same sort of vulnerability at some point.  It's 
> not homoiconicity that makes it possible (or likely), it's having an 
> interpreter or compiler available.
> 
> 
> 
>> On Tue, Jan 21, 2014 at 9:10 PM, Luc Prefontaine 
>> <lprefonta...@softaddicts.ca> wrote:
>> Your last statement is incomplete.
>> 
>> It all depends on trust. We do eval at
>> runtime of code and data w/o edn
>> but we know it comes from a secured
>> source.
>> 
>> Doing such a thing from an unsecured
>> alien source would "potentially" look insane. Let's not presume about
>> the insanity of the designer w/o some deeper analysis :)))
>> 
>> Luc P.
>> 
>> > Hi Daniel,
>> >
>> > I'm not an expert in security but AFAIK this is not a problem. Every user
>> > input is a string and you choose how to parse it. There is an edn reader that
>> > is safe, but you can use specific parsers depending on the input. Of course
>> > if you read and eval the string anything could happen, but nobody would do
>> > that.
>> >
>> > Best,
>> > mynomoto
>> >
>> > On Tuesday, January 21, 2014 10:22:11 PM UTC-2, Daniel Compton wrote:
>> > >
>> > > I've been thinking for a while about what the security implications are
>> > > for a homoiconic language like Clojure where code is data and data is code.
>> > > What protections do you have against malicious input being automatically
>> > > evaluated by the reader? It seems like every user input would be a possible
>> > > case of 'Clojure injection'. Is this an issue or am I missing something
>> > > really obvious here?
>> > >
>> > > Thanks, Daniel.
>> > >
>> >
>> > --
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "Clojure" group.
>> > To post to this group, send email to clojure@googlegroups.com
>> > Note that posts from new members are moderated - please be patient with 
>> > your first post.
>> > To unsubscribe from this group, send email to
>> > clojure+unsubscr...@googlegroups.com
>> > For more options, visit this group at
>> > http://groups.google.com/group/clojure?hl=en
>> > ---
>> > You received this message because you are subscribed to the Google Groups 
>> > "Clojure" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an 
>> > email to clojure+unsubscr...@googlegroups.com.
>> > For more options, visit https://groups.google.com/groups/opt_out.
>> >
>> --
>> Luc Prefontaine<lprefonta...@softaddicts.ca> sent by ibisMail!


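The read-then-whitelist step discussed in this thread, as an added example (not from any poster and not clojail's code): untrusted text is parsed as edn so nothing is evaluated at read time, then any form containing a symbol outside a whitelist is rejected. The namespace, `allowed-symbols` and the sample inputs are assumptions made for illustration; an accepted form would still be evaluated only inside a sandbox with a Java security policy.

```clojure
(ns example.vet-input
  (:require [clojure.edn :as edn]))

;; Hypothetical whitelist: the only symbols a submitted form may contain.
(def allowed-symbols '#{+ - * / inc dec map filter reduce range str count})

(defn parse-untrusted
  "Read s as data only. clojure.edn/read-string has no eval reader and
  applies no tag readers beyond the built-in #inst and #uuid unless asked.
  clojure.core/read-string, by contrast, honours *read-eval* (default true)
  and would evaluate an input such as \"#=(+ 1 2)\" while reading it."
  [s]
  (try
    {:form (edn/read-string s)}
    (catch Exception e
      {:error (.getMessage e)})))

(defn disallowed-symbols
  "Set of symbols anywhere in form that are not on the whitelist."
  [form]
  (->> (tree-seq coll? seq form)   ; walk lists, vectors, maps and sets
       (filter symbol?)
       (remove allowed-symbols)
       set))

(defn vet
  "Return [:accept form] or [:reject reason] for one submitted string."
  [s]
  (let [result (parse-untrusted s)]
    (if (contains? result :error)
      [:reject (str "unreadable as edn: " (:error result))]
      (let [bad (disallowed-symbols (:form result))]
        (if (seq bad)
          [:reject (str "not whitelisted: " (pr-str bad))]
          [:accept (:form result)])))))

;; Constructed sample submissions, not taken from the IRC logs.
(def samples
  ["(reduce + (map inc (range 5)))"   ; only whitelisted symbols
   "(slurp \"notes.txt\")"             ; file I/O, not on the whitelist
   "#=(+ 1 2)"])                       ; reader-eval syntax, not valid edn

(doseq [s samples]
  (println (pr-str s) "=>" (pr-str (vet s))))
```

Forms that use reader sugar such as `#(...)` or `'x` are not edn and are rejected here; a sandbox that must accept them would read with `clojure.core/read-string` under `(binding [*read-eval* false] ...)` instead.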