
On Mon, Nov 29, 2010 at 3:36 AM, Simon Peyton-Jones
| The irony of this situation is deep. CPSA is a program that analyzes
| cryptographic protocols in an effort to expose security flaws. To
| ensure that the program does not crash a user's machine, I have to use
| a linker option that may expose the user to some security problems.
Do you have an alternative to suggest? After all, the previous situation wasn't good either.
At the time I wrote the above paragraph, I didn't know what security flaw was being addressed. Given that my program would not be used in a risky situation, there is no reason I can't just add the option that turns on runtime flags.

But that doesn't address your real question: what to do about Haskell programs that are vulnerable to unauthorized changes to their runtime flags, but which might take input that makes them use up all available swap space. If supplying a special memory-limiting flag that is always available is not an option, I can see only one other solution. Somehow the default behavior of the runtime system must impose some reasonable limit.

Here is the problem with this suggestion. When I first ran into the memory exhaustion problem and reported it, I received what I thought was a carefully reasoned explanation as to why choosing a default memory limit was difficult, at least on Linux. The trouble is, I cannot remember the details of the explanation nor its author. Sorry to be short of important details.

John
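The middle ground the thread is circling, a memory limit that is always in force without handing users control of every RTS flag, is what GHC's link-time options give you: `-with-rtsopts` bakes a heap limit (`-M`) into the binary, and `-rtsopts=none` stops `+RTS ... -RTS` on the command line from changing it. The script below is an added illustration, not code from the thread or from CPSA; the flag names are real GHC options (GHC 7.0 and later), while the helper names, the throwaway Haskell program and the 64m figure are assumptions made here. It only compiles and runs something if `ghc` is on the PATH.

```shell
#!/bin/sh
# Added example (not from the thread): bake a heap limit into a GHC binary at
# link time with -with-rtsopts, and lock the RTS option parser with
# -rtsopts=none so a user cannot raise the limit from the command line.
# -rtsopts, -with-rtsopts and -M are real GHC options (GHC >= 7.0); the
# helper names, file names and the 64m figure are choices made for this demo.

# Pure helper: the link flags for a given heap limit (e.g. 64m, 1g).
ghc_link_flags() {
    printf '%s' "-rtsopts=none -with-rtsopts=-M$1"
}

# Constructed Haskell program that keeps a reference to an ever-growing list
# (the `length xs` thunk pins the head while `sum xs` walks it), so it
# exhausts any heap limit instead of running in constant space.
write_hog() {
    cat > "$1" <<'EOF'
main :: IO ()
main = print (sum xs, length xs)
  where xs = [1 :: Integer ..]
EOF
}

# Build the hog with the baked-in limit, run it, and report how the RTS
# stopped it. GHC exits with status 251 when the heap is exhausted.
demo_heap_limit() {
    limit=$1
    dir=$(mktemp -d)
    write_hog "$dir/Hog.hs"
    # Word splitting of the flag list is intentional.
    ghc -v0 $(ghc_link_flags "$limit") -o "$dir/hog" "$dir/Hog.hs" || return 1

    s1=0; "$dir/hog" 2>"$dir/err1" || s1=$?
    echo "baked -M$limit, no args: exit $s1 ($(head -n1 "$dir/err1"))"

    # With -rtsopts=none the RTS refuses +RTS options outright, so the user
    # cannot replace the baked-in -M with a larger one.
    s2=0; "$dir/hog" +RTS -M8g -RTS 2>"$dir/err2" || s2=$?
    echo "baked -M$limit, user passes +RTS -M8g: exit $s2 ($(head -n1 "$dir/err2"))"

    rm -rf "$dir"
}

if command -v ghc >/dev/null 2>&1; then
    demo_heap_limit 64m || echo "build failed"
else
    echo "ghc not found; link flags would be: $(ghc_link_flags 64m)"
fi
```

The first run is the behaviour the thread wants by default: the program dies with a heap-exhausted error at 64m instead of eating all of swap. The second run shows the other half of the trade-off: because the option parser is disabled, the limit is a property of the binary rather than of whoever launches it. If some tuning must remain possible, `-rtsopts=some` (the GHC default) allows only the harmless query flags, which is still tighter than the full `-rtsopts`.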