[LLVMdev] JIT and security
Chris Lattner
clattner at apple.com
Sun Oct 18 21:06:48 PDT 2009
On Oct 18, 2009, at 1:46 PM, Oleg Knut wrote:
> Hello,
>
> I'm writing JIT compiler that will run a third party code. My goal is
> to build it with security layer that will allow me to prevent some
> basic operation that possibly can harm JIT application host computer.
>
> Maybe some of you can guide me on how to do following operations:
> 1) prevent system calls
> 2) memory allocation management (set some limits that can't be used
> by JIT)
> 3) CPU power limiting
>
> I have a guess on how to prevent system calls or some known function
> calls by parsing IR and picking up functions calls that maybe
> unwanted. Another way is to check list of functions in object model.
> Maybe there is already implemented mechanism like that. So, anyone
> could give me a clue.
Hi Oleg,
I don't think that a JIT has anything to do with this. These are all
properties of the code running in the JIT (e.g. C, Java, etc). If you
can solve these (hard!) problems in a statically compiled language,
the solutions would translate over directly.
-Chris
>
> About RAM and CPU management I have no idea how to do that.
>
> Ideally my JIT compiler have to become a BlackBox, that hosting party
> can configure to his needs.
>
> I hope I can find some help here. That would be great!
>
> Thank you for your time,
> Oleg.
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
More information about the llvm-dev
mailing list