elisp-sandbox
DoS attack vectors
Do you have any thoughts on DoS attack vectors? I'm especially concerned about specifics to the implementation of Emacs which makes some things problematic.
One thing that comes to mind, for example, is how Ruby doesn't garbage collect symbols. Thus, if untrusted code can create symbols, we have a DoS attack.
This seems really similar to Emacs' obarray. If we ever provided anything like setq for the users, we need to be careful not to actually add content to the obarray, or if we do, to make sure it gets cleaned up afterwards.
Any thoughts?
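An added example (my own, not code from the elisp-sandbox project) of the cleanup idea above: symbols interned on behalf of untrusted code go into a private obarray rather than the global one, so the whole set can be dropped when the jail is reset; the `my-sandbox-` names are assumed.

```elisp
;; Added example, not part of elisp-sandbox. Requires `obarray-make'
;; (obarray.el, Emacs 25.1 or later).
(require 'obarray)

(defvar my-sandbox-obarray (obarray-make)
  "Private obarray for symbols created by sandboxed code (assumed name).")

(defun my-sandbox-intern (name)
  "Intern NAME into the sandbox obarray, never into the global `obarray'."
  (intern name my-sandbox-obarray))

(defun my-sandbox-count-symbols (ob)
  "Return how many symbols OB currently holds."
  (let ((n 0))
    (mapatoms (lambda (_sym) (setq n (1+ n))) ob)
    n))

(defun my-sandbox-reset ()
  "Discard every symbol the sandbox created by replacing its obarray."
  (setq my-sandbox-obarray (obarray-make)))

;; Constructed usage: untrusted code that manufactures many symbol names.
(dotimes (i 1000)
  (my-sandbox-intern (format "untrusted-%d" i)))
;; The private obarray grew, but the global one did not: `intern-soft'
;; against the global obarray finds no "untrusted-1".
(my-sandbox-count-symbols my-sandbox-obarray)
(intern-soft "untrusted-1")
;; Tearing down the jail frees all of them at once.
(my-sandbox-reset)
```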
What does erbot do? erbot seems pretty safe since it runs on a public channel.
I don't plan to ever run a jail anywhere else than in a separate emacs process just for the purpose. So there's always the possibility of just killing something and re-establishing it. My main concern is functional safety - that I be in control, through the sandbox, of what functions from the environment people can use.
I'm also concerned that any such emacs processes would not become snowflakes. So it would be a policy to dispose of them regularly and this would fix GC and other problems like that.