[fpc-pascal] Remote FreePascal compile service, feedback requested

Marco van de Voort marcov at stack.nl
Mon Dec 5 16:26:54 CET 2005


> Furthermore, we plan to support several versions of FreePascal in
> parallel.  That way, it may also be useful to the FreePascal community.
> E.g. when diagnosing a problem.
> 
> Here are some questions:
> 
>   1.  Do you think this service would be useful?

Yes. Also for us, since this allows users to evaluate compilation with
several versions (e.g. last release, last known good snapshot, relatively
recent (SVN) version of each branch).
 
>   2.  Do you think the interface described above is good enough?
>       Suggestions for refinements would be appreciated.

As a design parameter, keep the possibility to use two or more builds of
the same version. This is mainly for SVN versions.

>   3.  Are there any security risks that we may have overlooked?
>       Of course, we will impose certain limitations to avoid resource
>       hogging.  But maybe there are ways to put together a malicious
>       source file that makes the compiler misbehave ...

Make sure the mem limits are tight enough, and guard against a lot of
requests in rapid order. (some rate limiting?)
 
The basic problem is users spawning processes that use tons of memory. It has
"denial of service" written all over it with capital z.

Maybe there is some executing possible via windres and via the linker call.
(those contain program execution, some of those might use shell; shell code
injection?)
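
The memory-limit and shell concerns raised in the reply above, sketched as an added example that is not part of the original post or of any FreePascal tooling: a service-side wrapper that starts the compiler with an argument list (no shell) under address-space and CPU limits. It assumes a Linux host; `run_limited`, `_limit` and the limit values are hypothetical, and the Python interpreter stands in for the compiler so the block runs anywhere.

```python
import resource
import subprocess
import sys


def _limit(res, value):
    """Set soft and hard limit, never above the inherited hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def run_limited(argv, mem_bytes=512 * 2**20, cpu_seconds=10, wall_seconds=30):
    """Run argv (a list, never a shell string) under memory and CPU limits.

    Returns (returncode, stdout, stderr); returncode is None on wall timeout.
    The limit values are assumptions, not figures from the thread.
    """
    def apply_limits():  # runs in the child, after fork and before exec
        _limit(resource.RLIMIT_AS, mem_bytes)     # total address space
        _limit(resource.RLIMIT_CPU, cpu_seconds)  # CPU seconds
        _limit(resource.RLIMIT_CORE, 0)           # no core dumps on disk

    try:
        proc = subprocess.run(argv, shell=False, preexec_fn=apply_limits,
                              stdin=subprocess.DEVNULL, capture_output=True,
                              text=True, timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        return None, "", ""
    return proc.returncode, proc.stdout, proc.stderr


if __name__ == "__main__":
    # Constructed stand-ins: the Python interpreter plays the compiler.
    hog = [sys.executable, "-c", "bytearray(2 * 2**30)"]  # wants 2 GiB
    print("memory hog exit code:", run_limited(hog)[0])
    # Constructed hostile file name; it arrives as one literal argument.
    name = "x.pas; echo injected"
    show = [sys.executable, "-c", "import sys; print(sys.argv[1])", name]
    print("argv[1] seen by child:", run_limited(show)[1].strip())
```

Resource limits set this way are inherited by whatever the compiler itself spawns, such as the linker or windres, but the wrapper does not change how the compiler builds those command lines.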


