[fpc-pascal] Remote FreePascal compile service, feedback requested
L505
fpc505 at z505.com
Mon Dec 5 18:56:53 CET 2005
> > Don't make all distributed units available, and forbid the use of some
> > units. You don't want people opening an FTP socket and download 24G on
> > your machine.
> >
> > Even then, people could create a unit that makes direct kernel
> > calls, or
> > link to C. I would disallow use of the external keyword, {$L} and
> > {$Linklib }
> > statements in sources. So you'll definitely need some preprocessing.
>
> He only wants to allow remote compiling, not remote running. He
> wonders whether the compiler contains security holes that could be
> triggered by feeding it illegal source code. The answer is that it is
> that the compiler still contains errors which can cause it to crash
> in some situations, so it may be possible for specially grafted
> source code to make the compiler do all sorts of naughty things. I
> have not yet seen any examples of this, however.
>
- Macros, never ending loops...
- Huge source files (copy and paste 6,000,000 lines into the edit box).
More information about the fpc-pascal
mailing list