Compile time module fabrication / atom creation / DoS


Elliot Crosby-McCullough

Feb 20, 2015, 1:11:53 PM
to elixir-l...@googlegroups.com
Hi there,

I'm putting together a system on top of Elixir which allows people to compile limited-featured modules and run them in a sandbox, however the only way I've found to dynamically name modules is by unquoting namespaced atoms into the quoted module definition.

Even assuming otherwise perfect isolation of one user's runtime from another, by generating an arbitrary number of atoms (even if I controlled the naming) a user could feasibly DoS the compiler box and/or share a library designed to DoS a user's isolated environment.

I could just set an arbitrary maximum module count, but I'm wondering if there's a more elegant solution, or perhaps whether I'm going about creating modules in the wrong way to start with.

Any thoughts?

Regards,
Elliot

José Valim

Feb 21, 2015, 5:54:31 AM
to elixir-l...@googlegroups.com
Hi,

There are other problems you need to consider besides module names. In their code, whatever variable name they use will also be converted to atoms, as well as function calls and so on. I don't know your problem domain so I can't offer other solutions. Maybe a complete sandbox or something more like a configuration file instead of a whole language would better solve the problem at hand.



José Valim
Skype: jv.ptec
Founder and Lead Developer
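
An added example, not part of the thread or of Elixir's own code: one way to bound the atoms a submission can introduce (module names, variable names, function calls) is to parse it with the `:static_atoms_encoder` option of `Code.string_to_quoted/2` in current Elixir releases, which the thread does not mention. The module name `AtomBudget` and the budget policy are assumptions, and the check covers only atoms named in the source text, not atoms the code would build at runtime.

```elixir
defmodule AtomBudget do
  # Hypothetical helper (assumption, not from the thread): parse untrusted
  # source without creating atoms and reject it when it names more distinct
  # identifiers than the caller's budget allows.

  @key {__MODULE__, :seen}

  # Free slots left in this VM's atom table (both keys exist on OTP 20+).
  def headroom do
    :erlang.system_info(:atom_limit) - :erlang.system_info(:atom_count)
  end

  # Returns {:ok, distinct_name_count} or {:error, reason}.
  def check(source, budget) when is_binary(source) and is_integer(budget) do
    Process.put(@key, MapSet.new())

    # Called by the tokenizer (in this process) for every static atom:
    # aliases, remote and local calls, variable names, plain atoms, keywords.
    encoder = fn name, _meta ->
      seen = MapSet.put(Process.get(@key), name)
      Process.put(@key, seen)

      if MapSet.size(seen) > budget do
        {:error, "atom budget of #{budget} exceeded"}
      else
        # Hand back the binary instead of an atom. The resulting AST is
        # only inspected, never compiled, so the atom table is untouched.
        {:ok, name}
      end
    end

    result =
      Code.string_to_quoted(source,
        static_atoms_encoder: encoder,
        # Interpolated atoms such as :"a#{x}" bypass the encoder; this makes
        # them resolve only to atoms that already exist.
        existing_atoms_only: true
      )

    seen = Process.delete(@key)

    case result do
      {:ok, _ast} -> {:ok, MapSet.size(seen)}
      {:error, {_meta, message, token}} -> {:error, {message, token}}
    end
  end
end
```

Only source that passes `AtomBudget.check/2` with a budget well below `AtomBudget.headroom/0` would then be handed to the real compiler, which does create the atoms.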
