[e-lang] Newbie question

Kevin Reid kpreid at attglobal.net
Mon Apr 17 10:58:32 EDT 2006


On Apr 17, 2006, at 10:21, Mariano Montone wrote:

> Sorry, I have one more question (at the moment :P).
> What happens if I do this?:
>
> carRcvr <- __whenMoreResolved(def deliverer implements PassByCopy {
>                                  to run(target) :void {
>                                    if (Ref.isEventual(target)) {
>                                      target <- \
>                                        __whenMoreResolved(deliverer)
>                                    } else {
>                                      while(true){}
>                                    }
>                                  }
>                                })
>
> Am I blocking the car vat?

Yes.

> If that's true then I may program a malicious object.

Yes. Vats accepting mobile code objects are vulnerable to such denial- 
of-service attacks.

The semi-safe middle ground is accepting PassByCopy objects with  
already-known makers -- such as introducing a separate object to make  
the 'deliverer' in my example.
<http://www.eros-os.org/pipermail/e-lang/2006-March/011166.html>

Since these objects can only deliver a finite set of messages to  
already-known receivers, they cannot be used to create infinite  
loops, unless the vat has published its __loop object (which is used  
to implement 'while').

However, even if this particular problem is avoided, a vat can still  
be slowed by flooding it with expensive-to-process messages.

The general solution is to use intermediate vats between clients and  
vats running shared services. The intermediate vats can be killed by  
resource limits without disturbing other users of the service.

-- 
Kevin Reid                            <http://homepage.mac.com/kpreid/>




More information about the e-lang mailing list