[e-lang] Bug: Non-composability of __getPropertySlot
Mark Miller
erights at gmail.com
Mon Jul 24 20:29:46 EDT 2006
On 7/24/06, Karp, Alan H <alan.karp at hp.com> wrote:
> MarkM wrote:
> >
> > Should E programs have a standard way to declare what version
> > of E they're
> > written in?
>
> Having a bit of code declare what version it was written for may be a
> convenience, but I'm concerned that it might be a security
> vulnerability. There is always the possibility of an exploitable
> implementation error. My concern is that code written for version X
> might declare itself to have been written in version Y. That would seem
> to expand the exposure dramatically.
Alan and I just talked about it, but for the record...
The key to reducing cases is to have the result of
expansion/translation, no matter what the declared version, be fed
into the Kernel-E AST evaluator, and to have that evaluator itself be
openly available. The declared version of source would only affect how
it expands to Kernel-E ASTs on a given version of E. Once expanded,
none of the further processing would be version dependent. By making
the evaluator itself openly accessible, if there's an security
vulnerability in the evaluator, it can be exploited anyway. Therefore,
there's no loss of security by putting these translating front-ends in
front of the evaluator.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the e-lang
mailing list