hi, i've uploaded the jdk patch here, along with explanation
and testing code:
http://mqlx.com/~nix/jvm-alloc-patch-2008-08-17.tgz
as far as open-sourcing the rest of acre, right now we're
focused on getting a live service running. we are committed
to making a source code release, but i think it will be about
a month before we get cycles for it. your interest helps!
nick
Jong Hian Zin wrote:
> Hi Nick,
>
> I would love to try out the OpenJDK patch, how can I get access to
> it? Also, a couple months ago you mentioned about open sourcing Acre,
> any news on this?
>
> On Aug 17, 9:11 am, Nick Thompson <[EMAIL PROTECTED]> wrote:
>> You can ask for a callback every N "instructions" and stop
>> infinite loops in JS. You have to be careful which Java
>> libraries you allow access to though, some of them may
>> contain DoS issues. A supervisor thread could watch for
>> sneakier runaway user threads and kill them, but Rhino
>> has no built-in support for this.
>>
>> Stopping memory DoS is thornier. For Acre we have a patch to
>> OpenJDK that enforces a per-thread memory allocation limit.
>> Since we don't allow untrusted code to create threads this
>> gets the job done. We'd be very happy to have more people
>> using the patch, but it does require compiling your own JVM.
>>
>> nick
>>
>> ian wrote:
>>> Hi, I'm interested in using Rhino to run untrusted code but I'm
>>> curious as to how to prevent this code from doing evil things, in
>>> particular stuff like busy-wait loops to do a CPU DoS, or
>>> alternatively a memory-DoS.
>>> Is this possible with Rhino?
>>> Regards,
>
> _______________________________________________
> dev-tech-js-engine-rhino mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
_______________________________________________
dev-tech-js-engine-rhino mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
