On Thursday 13 February 2003 07:24 pm, Mark J Roberts wrote:
> bdonlan:
> > And let it at the kernel stack? _BAD_ idea. It can still use
> > printf/scanf to sniff your password anyway.
>
> No, it can't, because it will only prompt for input through your
> uploaded interface function. There are innumerable other cases where
> security is greatly enhanced by ensuring that a capability may only
> be used through a specific, predefined interface.

Use an interpreted language. They'll prevent buffer overflows and you can unimplement unallowed functions.

> The uploaded code would be executed in the same context as the
> process that uploads and calls it, and would present no security
> risk in excess of the capabilities specifically granted it.

[snip]

> This is only one approach, and the overhead of verifying checksums
> may make it a bad one. Copying uploaded functions to a read-only
> buffer of some sort to ensure against tampering is another solution;
> the constant here is that capabilities can be doled out on a
> fine-grained basis to various parts of your code.

Just mark the code read-only, and the stack non-executable.

_______________________________________________
devl mailing list
http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl
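The two ideas in the thread, uploaded code that can only prompt through the interface function handed to it and a checksum re-verified before each call to catch tampering with the stored buffer, as an added Python illustration that is not code from the thread or from Freenet; `UploadedFunction`, `scripted_ask` and the two sample uploads are constructed for this example:

```python
import hashlib

class UploadedFunction:
    def __init__(self, source: str, entry: str):
        self.source = source  # the buffer holding the uploaded code
        self.entry = entry    # name of the function to call
        self.digest = hashlib.sha256(source.encode()).hexdigest()  # taken at upload

    def call(self, capabilities: dict, *args):
        # Re-check the buffer against the upload-time digest on every call.
        if hashlib.sha256(self.source.encode()).hexdigest() != self.digest:
            raise RuntimeError("uploaded code changed after upload")
        # Only the granted capability functions are visible; builtins are emptied so
        # input()/open() are undefined. (Pattern only: not a CPython isolation boundary.)
        namespace = {"__builtins__": {}}
        namespace.update(capabilities)
        exec(self.source, namespace)
        return namespace[self.entry](*args)

# Constructed sample uploads: one prompts via the granted capability,
# the other tries to read the password directly with input().
WELL_BEHAVED = '''
def greet(name):
    answer = ask("continue?")
    return "hello " + name + " (" + answer + ")"
'''
DIRECT_INPUT = '''
def greet(name):
    return input("password: ")
'''

def scripted_ask(prompt: str) -> str:
    return "yes"  # constructed stand-in for the host's prompt interface

def attempt(fn: UploadedFunction, *args) -> str:
    """Call an uploaded function with only the 'ask' capability; report the outcome."""
    try:
        return fn.call({"ask": scripted_ask}, *args)
    except NameError:
        return "undefined name"
    except RuntimeError:
        return "rejected"

def demo() -> dict:
    good = UploadedFunction(WELL_BEHAVED, "greet")
    results = {"capability": attempt(good, "bob"),
               "direct_input": attempt(UploadedFunction(DIRECT_INPUT, "greet"), "bob")}
    good.source = good.source.replace("continue?", "password?")  # simulate tampering
    results["tampered"] = attempt(good, "bob")
    return results
```

Emptying `__builtins__` removes the names, not the objects behind them, so a real deployment still needs the process-level controls the thread mentions (read-only code, non-executable stack) or a separate interpreter.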
