Re^6: trouble with packages/eval/variable-scoping

> keeping it safe is not trivial

If a program is saved in a user's directory and only accessible with his credentials I wonder what kind of vector you see that is not already open for other apps?

Cheers Rolf
_{(addicted to the Perl Programming Language :)

see Wikisyntax for the Monastery}

Comment on Re^6: trouble with packages/eval/variable-scoping

Replies are listed 'Best First'.
Re^7: trouble with packages/eval/variable-scoping by hippo (Archbishop) on Aug 30, 2024 at 13:58 UTC
It is dynamic code being generated on the fly and so is susceptible to either malignancy or accident even before being saved. And being saved, apparently without locking, it is also potentially subject to corruption at that point too. There are surely other avenues which don't immediately spring to mind as well. Defensive programming when running dynamic code from a tainted (in the sense of taint mode) source is very difficult and how much time and effort you want to spend statically analysing it before running or cryptographically verifying or whatever is going to depend on the value of the system and the cost of it all going horribly wrong. It boils down to three basic scenarios: The effort is worth it, so you put in the hard work to secure it AFAP. The effort is not worth it but the risk is acceptable, so you live with it and just keep your fingers crossed. The effort is not worth it and the risk is unacceptable so you just don't run the untrusted code and find some other way instead. 🦛	[reply]

Replies are listed 'Best First'.

Re^7: trouble with packages/eval/variable-scoping
by hippo (Archbishop) on Aug 30, 2024 at 13:58 UTC

It is dynamic code being generated on the fly and so is susceptible to either malignancy or accident even before being saved. And being saved, apparently without locking, it is also potentially subject to corruption at that point too. There are surely other avenues which don't immediately spring to mind as well.

Defensive programming when running dynamic code from a tainted (in the sense of taint mode) source is very difficult and how much time and effort you want to spend statically analysing it before running or cryptographically verifying or whatever is going to depend on the value of the system and the cost of it all going horribly wrong. It boils down to three basic scenarios:

The effort is worth it, so you put in the hard work to secure it AFAP.
The effort is not worth it but the risk is acceptable, so you live with it and just keep your fingers crossed.
The effort is not worth it and the risk is unacceptable so you just don't run the untrusted code and find some other way instead.

🦛

[reply]