Re: Self-modifying code, Function pointers & { Safety, Security}

Kaz Kylheku <kaz@kylheku.com>
Sun, 9 Mar 2014 20:36:27 +0000 (UTC)

          From comp.compilers

Related articles
Self-modifying code, Function pointers & { Safety, Security} seimarao@gmail.com (Seima Rao) (2014-03-07)
Re: Self-modifying code, Function pointers & { Safety, Security} kaz@kylheku.com (Kaz Kylheku) (2014-03-09)
Re: Self-modifying code, Function pointers & { Safety, Security} martin@gkc.org.uk (Martin Ward) (2014-03-14)
Re: Self-modifying code, Function pointers & { Safety, Security} tenger@iseries-guru.com (Terrence Enger) (2014-03-15)
Re: Self-modifying code, Function pointers & { Safety, Security} seimarao@gmail.com (2014-03-20)
Re: Self-modifying code, Function pointers & { Safety, Security} federation2005@netzero.com (2014-04-13)
Re: Self-modifying code, Function pointers & { Safety, Security} monnier@iro.umontreal.ca (Stefan Monnier) (2014-04-16)
| List of all articles for this month |

From: Kaz Kylheku <kaz@kylheku.com>
Newsgroups: comp.compilers
Date: Sun, 9 Mar 2014 20:36:27 +0000 (UTC)
Organization: Aioe.org NNTP Server
References: 14-03-015
Keywords: code, design
Posted-Date: 10 Mar 2014 07:38:54 EDT

On 2014-03-07, Seima Rao <seimarao@gmail.com> wrote:
> Hi,
>
> We are used to separation of code from data at the language level.


Those "we" who don't use Lisp and related languages.


> However, two features disupt security :
>
> i) self-modifying code
>
> i.e. writing to code space


Note that loading an executable on any operating system constitutes
the above.


The solution for that is supposed to be a web of trust. You load only
code that is trusted somehow.


> ii) functions residing in data space
>
> Are there safety & security solutions possible for the above two
> safety, security holes ?


You can have a compiler built into our language for dynamically compiling code.
That compiler can "sandbox" dynamic programs into not doing anything "bad": it
can avoid exposing certain functions or operators to them.


E.g. in Lisp we have the compile function, but that provides access to the
full language, including all implementation-specific escape hatches, like
foreign function calling or whatever.


However, we can make a function "my-compile" which accepts only a strictly
sandboxed dialect, translates it to the regular Lisp (or at least the
parts of it that differ, if any) and then hands it to the compile function.


Dynamically compiled regular expressions are an example of this. You can hardly
reformat the proverbial disk out of a regex, unless it has some exploitable
hole not related to the semantics of regex. A regex is a severely sandboxed,
dynamically compiled language which can be translated all the way down to
machine code that can be trusted.


--
Music DIY Mailing List: http://www.kylheku.com/diy
ADA MP-1 Mailing List: http://www.kylheku.com/mp1



Post a followup to this message

Return to the comp.compilers page.
Search the comp.compilers archives again.