[DGD] Melville under the Kernel Lib

Noah Gibbs noah_gibbs at yahoo.com
Fri Feb 6 14:44:09 CET 2004 

--- "Felix A. Croes" <felix at dworkin.nl> wrote:
>  - Resource management and measurement.  This is
>    absolutely essential for
>    a persistent mud with guest programmers (think
>    of LambdaMOO), and useful but not required in
>    other cases.

  I have a question along these lines.  It's been brewing awhile.  I
really like the idea of guest programmers, including builder
programmers and other "less-privileged" sorts of programmers.  It's why
I started using DGD originally.

  You've provided a great way to limit processor use and stack use
(rlimits) for guest scripts.  You've provided a good way to vet most
privileged operations (secondary AUTO objects).  You've provided ways
to limit use of call_outs, cloning of objects and other things that can
cause problems.  All of this is very good, and some is impossible
without language support.  Well done.

  However, I see one remaining obvious attack on DGD and I don't yet
see how to address it.  Imagine you provide builders with the ability
to write an object or the equivalent, such as the Kernel Library's code
command.  The obvious attack on DGD would be to allocate an array, put
big strings in N-1 of its elements, allocate another array, put it into
the final element, and recurse.  In other words, produce an object out
of things other than heavyweight DGD objects, and make sure that object
is very large.

  If that's true, won't the object take an unbounded number of sectors?
 If it does, DGD will run out of sectors and halt.  Not crash exactly,
but it won't stay up and running, either.

  Is there any way to defend against this attack while still allowing
guest code?  The status() command isn't much use because the attack
takes place entirely within a single thread of execution, and without
necessarily exceeding any tick limits...


=====


__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
_________________________________________________________________
List config page:  http://list.imaginary.com/mailman/listinfo/dgd

More information about the DGD mailing list