On Tue, Jun 30, 2009 at 12:16 PM, Brion Vibber<br...@wikimedia.org> wrote:
> As many folks have noted, our current templating system works ok for
> simple things, but doesn't scale well -- even moderately complex
> conditionals or text-munging will quickly turn your template source into
> what appears to be line noise.
>
> And we all thought Perl was bad! ;)
>
> There's been talk of Lua as an embedded templating language for a while,
> and there's even an extension implementation.
>
> One advantage of Lua over other languages is that its implementation is
> optimized for use as an embedded language, and it looks kind of pretty.
[snip]
So— Any thoughts on how you address the universal problem of the DOS
attack script?
I.e.
myscript:
do {
some_expensive_operation(); /* Presumably there will be hooks to pull
text from other revisions */
} while (1);
and in [[Template:Widely used]]
{{myscript}}
I'm of the impression that simply setting a limits on CPU and memory
isn't sufficient to address this, because the reasonable limit will be
high enough to be dangerous when the object is added to 100k pages,
while a limit low enough to be safe everywhere will be far too
constraining and likely to fail at random depending on overall system
load.
> Disadvantage: Like PHP, Python is difficult to lock down securely.
I don't know that difficult is really the right description here.
People willing to spend far more effort on this than you probably are
have tried to sandbox python and failed. I don't believe there is any
real production grade support for the level of lockdown required for
either PHP or Python. And I'd worry that any PHP implementations of
the sandboxed languages might lose the battle tested sandboxing.
It's acceptable for mediawiki to fall back to lower performing
alternatives when c modules can't be used, but I doubt its acceptable
to fall back to less secure ones!
Is execution in enviroments where c modules are not possible actually
a hard requirement? If it is I think this is a non-starter.
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
