[fpc-pascal] Remote FreePascal compile service, feedback requested
Michael Van Canneyt
michael at freepascal.org
Mon Dec 5 18:52:34 CET 2005
On Mon, 5 Dec 2005, L505 wrote:
>
>
> > > Don't make all distributed units available, and forbid the use of some
> > > units. You don't want people opening an FTP socket and downloading 24G on
> > > your machine.
> > >
> > > Even then, people could create a unit that makes direct kernel calls, or
> > > link to C. I would disallow use of the external keyword, {$L} and
> > > {$Linklib } statements in sources. So you'll definitely need some
> > > preprocessing.
> >
> > He only wants to allow remote compiling, not remote running. He
> > wonders whether the compiler contains security holes that could be
> > triggered by feeding it illegal source code. The answer is
> > that the compiler still contains errors which can cause it to crash
> > in some situations, so it may be possible for specially crafted
> > source code to make the compiler do all sorts of naughty things. I
> > have not yet seen any examples of this, however.
> >
>
> - Macros, never ending loops...
>
> - Huge source files (copy and paste 6,000,000 lines into the edit box).

The compiler should compile that in minutes on any recent machine :-)
And you can limit the edit box length. Standard web practice, I'd say?
One could of course forge a web request.

Michael.
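
An added example, not code from this thread or from the FPC project: a Python sketch of the server-side preprocessing discussed above, which enforces the size limit on the received bytes (a forged request bypasses the edit box) and refuses sources that use `external`, `{$L}`/`{$LINKLIB}` or a denied unit. The name `check_source`, the 256 KiB cap and the unit deny list are assumptions, and comments are treated as non-nested.

```python
import re

MAX_BYTES = 256 * 1024                        # assumed cap, checked on the server
BANNED_DIRECTIVES = {"L", "LINK", "LINKLIB"}  # {$LINK} is the long form of {$L}
BANNED_UNITS = {"sockets"}                    # illustrative deny list of units

# Comments and strings are matched first so text inside them is never scanned
# as code. Assumption: comments do not nest.
TOKEN = re.compile(r"""
    (?P<brace>\{[^}]*\}?)              # { comment } or {$directive}
  | (?P<paren>\(\*.*?(?:\*\)|\Z))      # (* comment *) or (*$directive*)
  | (?P<line>//[^\n]*)                 # // comment
  | (?P<string>'[^'\n]*'?)             # string literal
  | (?P<ident>[A-Za-z_][A-Za-z0-9_]*)  # keyword or identifier
  | (?P<semi>;)                        # ends a uses clause
""", re.VERBOSE | re.DOTALL)

def check_source(raw):
    """Return the reasons to refuse a submission; an empty list means accept."""
    if len(raw) > MAX_BYTES:
        return ["source larger than %d bytes" % MAX_BYTES]
    text = raw.decode("latin-1")       # 1:1 byte mapping, cannot fail
    problems, in_uses = [], False
    for m in TOKEN.finditer(text):
        kind, tok = m.lastgroup, m.group()
        if kind in ("brace", "paren"):
            body = tok[1:] if kind == "brace" else tok[2:]
            d = re.match(r"\$([A-Za-z]+)", body)
            if d and d.group(1).upper() in BANNED_DIRECTIVES:
                problems.append("directive {$%s}" % d.group(1).upper())
        elif kind == "ident":
            word = tok.lower()         # Pascal is case-insensitive
            if word == "external":
                problems.append("keyword external")
            elif word == "uses":
                in_uses = True
            elif in_uses and word in BANNED_UNITS:
                problems.append("unit " + word)
        elif kind == "semi":
            in_uses = False
    return problems

# Constructed sample submission, not taken from the thread.
SAMPLE = b"""program demo;
uses sysutils, Sockets;
{$LINKLIB c}
function getpid: longint; cdecl; EXTERNAL;
begin
  writeln('external {$L x.o}'); // {$L y.o} in a comment is inert
end.
"""
```

The string literal and the `//` comment in the sample are not flagged, which is the case a plain substring search gets wrong.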