I like the idea. This would be a great feature for
SpamAssassin, of
course...
--j.
Steffen Ullrich writes:
> Hi,
> At the german perl workshop Yves Orton had a talk about
perl 5.10 Regex
> and asked for more feature request. Here is one which
he said should
> be submitted to perl5-porters.
>
> Thanks,
> Steffen Ullrich (cpan: SULLR)
>
> ----
> Abstract:
> perl5 Regex a powerful but uncontrollable.
>
>
> Details:
>
> It's easy to write a perl regex which looks simple and
right on
> the first view but can grab lots of memory or run for
ages given
> unexpected input.
>
> Unexpected input will be the case in a lot of cases,
like talking
> with an SMTP,WWW,whatever server which is not
controlled by yourself,
> parsing user input in CGI scripts etc.
>
> So it would be a valuable security feature like taint
if you could
> restrict the maximum amount of resources used inside a
regex. This
> would be the amount of memory grabbed during the regex
run and
> the time the regex needs (e.g. the number of operations
to run the
> regex).
>
> It would be useful to have a global restriction which
might be
> locally overwritten (e.g. some regex are more complex
and will
> need more resources). It might be useful to have a
seperate
> global restriction for tainted input.
> To efficiently restrict resources there need to be an
easy way
> to estimate the resources a regex needs on expected
input.
>
> --
|