[Haskell-cafe] GHC 7.0.1 developer challenges

John D. Ramsdell ramsdell0 at gmail.com
Mon Nov 29 22:00:19 CET 2010

On Mon, Nov 29, 2010 at 3:36 AM, Simon Peyton-Jones
<simonpj at microsoft.com> wrote:
> | The irony of this situation is deep.  CPSA is a program that analyzes
> | cryptographic protocols in an effort to expose security flaws.  To
> | ensure that the program does not crash a user's machine, I have to use
> | a linker option that may expose the user to some security problems.
> Do you have an alternative to suggest?  After all, the previous situation wasn't good either.

At the time I wrote the above paragraph, I didn't know what security
flaw was being addressed.  Given that my program would not be used in
a risky situation, there is no reason I can't just add the option that
turns on runtime flags.  But that doesn't address your real question,
what to do about Haskell programs that are vulnerable to unauthorized
changes to its runtime flags, but which might take input that makes it
use up all available swap space.  If supplying a special memory
limiting flag that is always available is not an option, I can see
only one other solution.  Somehow the default behavior of the runtime
system must impose some reasonable limit.  Here is the problem with
this suggestion.  When I first ran into the memory exhaustion problem,
and reported it, I received what I thought was a carefully reasoned
explanation as to why choosing a default memory limit was difficult,
at least on Linux.  The trouble is, I cannot remember the details of
explanation nor its author.  Sorry to be short of important details.


More information about the Haskell-Cafe mailing list