PerlMonks  

RE: RE: Challenges

by Aighearach (Initiate)
on Jun 29, 2000 at 10:15 UTC


in reply to RE: Challenges
in thread Challenges

Isn't it a *nix server? Surely there is a way to make it fairly secure. Stick it in a wrapper, or something.
Paris Sinclair    |    4a75737420416e6f74686572
pariss@efn.org    |    205065726c204861636b6572
I wear my Geek Code on my finger.

Replies are listed 'Best First'.
RE:(3) Challenges
by Russ (Deacon) on Jun 29, 2000 at 10:25 UTC
    Well, how much do you trust taint mode? Knowing that anyone could upload any code and execute it... system('rm -fr /') would probably not make it past Taint (and nobody lacks permissions to do this, anyway), but I wouldn't sleep well at night...

    How about Denial of Service?

    while (1) { $Str .= 'A few more bytes consumed'; }
    I wouldn't want to allow arbitrary code on any of my servers...

    Now, recent experience has shown me that there are a large number of monks willing and eager to benchmark code and post the results. I think a section like the one you describe would be quite popular.

    Russ

      >Well, how much do you trust taint mode?
      Like I said, you could run it inside a wrapper. No need at all to trust taint mode.

      >How about Denial of Service?
      How about it? That's a threat always. And, you just put a limit on how many times each user can submit code for benchmarking.

      Also, you could make it so that anybody under level 4 or 5 would have to have the code approved by somebody higher, before the benchmarking ran.

      Security is a concern, but isn't it more of a hurdle than a road block?

      Paris Sinclair    |    4a75737420416e6f74686572
      pariss@efn.org    |    205065726c204861636b6572
      I wear my Geek Code on my finger.
      
RE: RE: RE: Challenges
by cleen (Pilgrim) on Jun 29, 2000 at 10:25 UTC
    Hmmm, in a situation where you're asking for the server to execute untrusted, unknown code (to test for efficiency of course) a wrapper would not be the answer... A wrapper is in most cases some type of frontend.. a frontend that takes requests and looks at it and executes something else based on that request.. or something like that.. In this case, which I still don't think is a good idea, a highly restricted chrooted environment for the code to run in would be the answer... but still, not a good enough answer :)

      >A wrapper is in most cases some type of frontend.. a frontend that takes requests and looks at it and executes something else based on that request
      Well, a wrapper for a frontend would be a frontend.

      >highly restricted ... environment ... not a good enough answer
      It's not? Why? There are lots of servers that let people login free, with little verification, and then let users have a *nix shell of some sort. Well, a few anyway. They seem to manage fine. If they can do it, surely the legendary Perl Monks can also achieve the modest goal of benchmarking?

      Doing the benchmarking by hand would be much less elegant. But, still quite useful and effective.

      Paris Sinclair    |    4a75737420416e6f74686572
      pariss@efn.org    |    205065726c204861636b6572
      I wear my Geek Code on my finger.
      
        I'm not stating fact, but I'd be surprised if these free servers don't get at least one lame attack per day, intentional or not. Plus you have to look at it like this: The primary role that those servers play is to let users use their system, PerlMonks' primary role is to run an interactive website that allows people to share knowledge about a specific subject (Perl), not to sit around and manage users. I think that actually giving users shell accounts is even worse than having a restricted environment for the execution of user-supplied code :).
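
The wrapper and the memory-eating loop debated in this thread, as an added example that is not part of any post here: a Python sketch (Linux assumed) that runs a submitted program under hard CPU, address-space and wall-clock limits. `run_limited`, `_cap`, the limit values and the sample children are assumptions made for illustration; the children are Python stand-ins for submitted Perl such as the loop quoted above.

```python
import resource
import subprocess
import sys

def _cap(kind, value):
    """Lower one rlimit to `value`, never above the hard limit already in force."""
    _, hard = resource.getrlimit(kind)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))

def run_limited(argv, cpu_seconds=2, mem_bytes=512 * 1024 * 1024, wall_seconds=10):
    """Run argv under hard limits; return (status, returncode).

    status is 'ok' (exit 0), 'failed' (non-zero exit or killed by a signal)
    or 'timeout' (wall clock exceeded, child killed).
    """
    def apply_limits():
        # Runs in the child between fork() and exec(): only the child is limited.
        _cap(resource.RLIMIT_CPU, cpu_seconds)     # busy loops get SIGXCPU
        _cap(resource.RLIMIT_AS, mem_bytes)        # address space: stops memory hogs
        _cap(resource.RLIMIT_FSIZE, 1024 * 1024)   # no file larger than 1 MiB
        _cap(resource.RLIMIT_CORE, 0)              # no core dumps

    try:
        proc = subprocess.run(
            argv, preexec_fn=apply_limits, timeout=wall_seconds,
            stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
        )
    except subprocess.TimeoutExpired:
        return ("timeout", None)  # subprocess.run() has already killed the child
    return ("ok" if proc.returncode == 0 else "failed", proc.returncode)

# Constructed sample "submissions" (Python stand-ins for submitted Perl).
BENIGN = "print(sum(range(1000)))"
MEMORY_HOG = "buf = bytearray()\nwhile True:\n    buf += b'A few more bytes consumed' * 4096\n"
CPU_SPIN = "while True:\n    pass\n"

if __name__ == "__main__":
    for name, src in (("benign", BENIGN), ("memory hog", MEMORY_HOG), ("cpu spin", CPU_SPIN)):
        print(name, run_limited([sys.executable, "-c", src]))
```

Resource limits bound only CPU, memory and file size; filesystem and network isolation, such as the chroot mentioned in the thread, is a separate layer.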
RE: RE: RE: Challenges
by redmist (Deacon) on Jun 30, 2000 at 14:23 UTC
