Hacker News new | ask | show | jobs
by aaronblohowiak 5072 days ago
is the badness in st_lookup or rb_enc_str_new ? I haven't traced the execution deep enough to see where things go south...
2 comments
aaronblohowiak 5072 days ago
Oh wait, i get it. every symbolized string is added to the global symbol table, so you can basically make rails devour incredible amounts of memory by sending it new values. neat.
link
tptacek 5072 days ago
There are worse problems than that, I think.
link
tptacek 5072 days ago
There's badness just in rb_intern, at least in 187.

MRI scares the bejeezus out of me.

link
jballanc 5072 days ago
I vaguely recall somewhere that Matz commented about how he felt that he was a good language designer, but not necessarily a good language implementor. I've always felt that MRI should be treated as a reference implementation, and the fact that there aren't more alternate implementations of Ruby is a (maybe sad?) reflection on the Ruby community.
link
aaronblohowiak 5072 days ago
Oh, I'll have to give it another look.

JRuby also suffers from the global symbol table =( so it does not avoid the potential denial attack through symbolizing..

link