函数式编程范例中的漏洞? [英] Vulnerability in the functional programming paradigm?
问题描述
如果不考虑编译器,解释器或执行环境中存在漏洞的可能性,是否存在任何形式的函数式编程范例中存在的安全漏洞?在函数式编程中是否存在特定类型的漏洞,而不是命令式编程中的漏洞? 预计 [某些输入] 可能会导致 [程序] 消耗更多可用资源,这是可能的DoS形式的漏洞。这是我见过的所有图灵完备语言的一个弱点,但Haskell的懒惰使得很难推断计算涉及什么。 作为一个(相当人为的)例如, 程序员可能会认为,Haskell是懒惰的,所以它不会打开并读取文件,直到它需要,并且Haskell被垃圾收集,所以一旦它完成了一个文件,它就可以关闭文件句柄。不幸的是,这个程序实际上会一次打开大量文件(特定于实现),只有空文件才会关闭文件句柄(执行活动规则的副作用): 您可能不会期望发生-EMFILE太多打开的文件错误。 就像我说的,t他是一个人为的例子,也可以在其他语言中发生,但是更容易错过Haskell中的某些资源使用。 A few days ago, there were a couple questions on buffer overflow vulnerabilities (such as Does Java have buffer overflows?, Secure C and the universities - trained for buffer overflow, to name a couple) which can happen in imperative programming languages such as C. In functional programming, (from the very limited exposure I've had from trying out Haskell), I can see how vulnerabilities such as buffer overflow wouldn't occur because those problems are a result of changing the state of a program or an area of memory. (Please correct me if I am wrong.) Without accounting for the possiblity of vulnerabilities present in the compiler, interpreter or execution environment, are there any kind of security vulnerabilities that exist in the functional programming paradigm? Are there any specific types of vulnerabilities that exist in functional programming but not in imperative programming? If the programmer doesn't anticipate that [some input] could cause [program] to consume more-than-available resources, that's a vulnerability in the form of a possible DoS. This is a weakness of all Turing-complete languages I've seen, but Haskell's laziness makes it harder to reason about what a computation involves. As a (rather contrived) example, The naïve programmer may think, "Haskell is lazy, so it won't open and read the files until it needs to", and "Haskell is garbage collected, so once it's done with a file, it can close the file handle". Unfortunately, this program actually will just open lots of files all at once (implementation-specific), and only the empty files will get their filehandles closed (side-effect of implementation's liveliness rules): You might not be expecting a -EMFILE "Too many open files" error to ever occur. Like I said, this is a contrived example, and can happen in other languages too, but it's just easier to miss certain resource usages in Haskell. 这篇关于函数式编程范例中的漏洞?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
import Control.Monad(when)
import System(getArgs)
main = do
文件< - getArgs
内容< - mapM readFile文件
翻转mapM_(zip文件内容)$ \(file,content) - >
when(null content)$ putStrLn $ file ++is empty
$ ghc --make -O2测试
[1之1]编译Main(Test.hs,Test.o)
链接测试...
$ strace -etrace = open,close ./Test dir / * / dev / null
...
open(dir / 1,O_RDONLY | O_NOCTTY | O_NONBLOCK | O_LARGEFILE)= 3
open(dir / 2,O_RDONLY | O_NOCTTY | O_NONBLOCK | O_LARGEFILE)= 4
open(dir / 3,O_RDONLY | O_NOCTTY | O_NONBLOCK | O_LARGEFILE)= 5
open(dir / 4 ,O_RDONLY | O_NOCTTY | O_NONBLOCK | O_LARGEFILE)= 6
open(dir / 5,O_RDONLY | O_NOCTTY | O_NONBLOCK | O_LARGEFILE)= 7
...
open(/ dev / null,O_RDONLY | O_NOCTTY | O_NONBLOCK | O_LARGEFILE)= 255
close(255)
/ dev / null为空
$
import Control.Monad (when)
import System (getArgs)
main = do
files <- getArgs
contents <- mapM readFile files
flip mapM_ (zip files contents) $ \(file, content) ->
when (null content) $ putStrLn $ file ++ " is empty"
$ ghc --make -O2 Test
[1 of 1] Compiling Main ( Test.hs, Test.o )
Linking Test ...
$ strace -etrace=open,close ./Test dir/* /dev/null
...
open("dir/1", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_LARGEFILE) = 3
open("dir/2", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_LARGEFILE) = 4
open("dir/3", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_LARGEFILE) = 5
open("dir/4", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_LARGEFILE) = 6
open("dir/5", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_LARGEFILE) = 7
...
open("/dev/null", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_LARGEFILE) = 255
close(255)
/dev/null is empty
$