[LLVMdev] JIT and security

Renato Golin rengolin at systemcall.org
Fri Oct 23 09:04:41 PDT 2009


2009/10/18 Oleg Knut <oleg77 at gmail.com>:
> Maybe some of you can guide me on how to do the following operations:
>  1) prevent system calls
>  2) memory allocation management (set some limits that can't be used
> by JIT)
>  3) CPU power limiting

Hi Oleg,

This is totally system dependent, it'd be *very* hard to do it
multi-platform. On Unix, a good part of it is resolved with jails and
user control, so it's more of an "installation and basic checks before
running" issue. But for Windows and Mac, I have no idea, not even if
it's possible.

Normally, the kernel will try to hide statistics of running processes
from one another and themselves, so it's very unlikely that you'll be
able to restrict CPU usage without the help of the kernel.

Memory allocation is the easiest, STL and boost are full of allocators
that you can override. I'm just not sure how far you can go when the
JIT is running and allocating huge blocks, it might be too late until
you get back to your allocation routines.

I suggest you take a look at what Java does (http://gcc.gnu.org/java/
and Sun's, if possible), they do all sorts of security checks...

cheers,
--renato

Reclaim your digital rights, eliminate DRM, learn more at
http://www.defectivebydesign.org/what_is_drm



