[zeromq-dev] Vulnerability of devices to incoming messages
Brian Granger
ellisonbg at gmail.com
Thu Aug 12 00:13:23 CEST 2010
On Wed, Aug 11, 2010 at 3:01 PM, Pieter Hintjens <ph at imatix.com> wrote:
> On Wed, Aug 11, 2010 at 11:49 PM, Brian Granger <ellisonbg at gmail.com>
> wrote:
>
> > I think the core question that this bug brings up is the following:
> > In what situations do we want a 0MQ process to crash?
> > Here is my simple answer: never
>
> Here's my view.
>
> Processes should be as vulnerable as possible to internal errors, and
> as robust as possible against external attacks and errors. To give an
> analogy, a living cell will self-destruct if it detects a single
> internal error, yet it will resist attack from the outside by all
> means possible.
>
>

This is a very nice way of putting it!

> Assertions are absolutely vital to robust code, they just have to be
> on the right side of the cellular wall. (And there should be such a
> wall, if it's unclear whether a fault is internal or external, the
> design is broken IMO.)
>
>

Yes, and I think the current issue is on the wrong side of the wall.

> It definitely seems more useful that zmq_send() returns an error
> rather than silently dropping a message it can't process, and I'll
> take a look at that tomorrow. It needs Sustrik's input, he presumably
> has some reason for the current strategy.
>
>
I think I agree with this, but maybe there is a reason it can't be done
cleanly.
Cheers and thanks for your help on this one.
Cheers,
Brian
> -Pieter
>
--
Brian E. Granger, Ph.D.
Assistant Professor of Physics
Cal Poly State University, San Luis Obispo
bgranger at calpoly.edu
ellisonbg at gmail.com
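
An added example, not part of the original thread or of the 0MQ code base: a C sketch of the "cell wall" split discussed above, where malformed bytes from a peer produce an error return, assertions guard only internal invariants, and a full queue is reported to the caller instead of dropping the message silently. The two-byte frame header (flags, size), the limits and every function name are assumptions made for this sketch.

```c
#include <assert.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BODY 64   /* assumed limits for this sketch */
#define QUEUE_CAP 2

typedef struct { uint8_t flags, size, body[MAX_BODY]; } frame_t;
typedef struct { frame_t slots[QUEUE_CAP]; size_t count; } queue_t;

/* Outside the wall: buf holds bytes from a peer. Malformed input is an
 * expected event and is rejected with an error code, never an assert. */
int parse_frame(const uint8_t *buf, size_t len, frame_t *out)
{
    assert(buf != NULL && out != NULL);   /* caller bug, so internal */
    if (len < 2) { errno = EPROTO; return -1; }            /* truncated header */
    if (buf[0] & ~0x01u) { errno = EPROTO; return -1; }    /* unknown flag bits */
    if (buf[1] > MAX_BODY || (size_t)buf[1] != len - 2)    /* size field lies */
        { errno = EPROTO; return -1; }
    out->flags = buf[0];
    out->size = buf[1];
    memcpy(out->body, buf + 2, out->size);
    return 0;
}

/* Inside the wall: a corrupt count is our own bug and aborts the process.
 * A full queue is not a bug; the caller is told, nothing is dropped silently. */
int enqueue(queue_t *q, const frame_t *f)
{
    assert(q != NULL && f != NULL);
    assert(q->count <= QUEUE_CAP);        /* internal invariant */
    if (q->count == QUEUE_CAP) { errno = EAGAIN; return -1; }
    q->slots[q->count++] = *f;
    return 0;
}

int main(void)
{
    static const uint8_t good[]  = {0x01, 0x02, 'h', 'i'};  /* constructed samples */
    static const uint8_t lying[] = {0x00, 0x09, 'h', 'i'};  /* size says 9, body is 2 */
    queue_t q = {0}; frame_t f;
    printf("good frame: %d\n", parse_frame(good, sizeof good, &f));
    printf("lying size: %d\n", parse_frame(lying, sizeof lying, &f));
    for (int i = 0; i < 3; i++) printf("enqueue %d: %d\n", i, enqueue(&q, &f));
    return 0;
}
```
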