[e-lang] Newbie question
Kevin Reid
kpreid at attglobal.net
Mon Apr 17 10:58:32 EDT 2006
On Apr 17, 2006, at 10:21, Mariano Montone wrote:
> Sorry, I have one more question (at the moment :P).
> What happens if I do this?:
>
> carRcvr <- __whenMoreResolved(def deliverer implements PassByCopy {
> to run(target) :void {
> if (Ref.isEventual(target)) {
> target <- \
> __whenMoreResolved(deliverer)
> } else {
> while(true){}
> }
> }
> })
>
> Am I blocking the car vat?
Yes.
> If that's true then I may program a malicious object.
Yes. Vats accepting mobile code objects are vulnerable to such denial-
of-service attacks.
The semi-safe middle ground is accepting PassByCopy objects with
already-known makers -- such as introducing a separate object to make
the 'deliverer' in my example.
<http://www.eros-os.org/pipermail/e-lang/2006-March/011166.html>
Since these objects can only deliver a finite set of messages to
already-known receivers, they cannot be used to create infinite
loops, unless the vat has published its __loop object (which is used
to implement 'while').
However, even if this particular problem is avoided, a vat can still
be slowed by flooding it with expensive-to-process messages.
The general solution is to use intermediate vats between clients and
vats running shared services. The intermediate vats can be killed by
resource limits without disturbing other users of the service.
--
Kevin Reid <http://homepage.mac.com/kpreid/>
More information about the e-lang
mailing list