Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")
From: Anselm Lingnau
Subject: Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")
Date: Wed, 7 Jul 2004 10:08:01 +0200
User-agent: KMail/1.6.2

Jeremy Shaw wrote:

> I think the basic model is, the VM will have some way to mark commands
> as safe or unsafe. There will also be a way to set which unsafe
> commands a program can run on a per program, per command basis. This
> would allow you to implement a large number of possible security
> policies...

Sandboxing at the VM level isn't easy to get right, as, e.g., the Java folks
have found out to their chagrin.

Incidentally, the frequently-maligned language Tcl does sandboxing at what
appears to amount to the Pika level in the proposed arch-itecture, which
seems to work rather well. Too bad Tcl isn't politically acceptable for other
reasons :^)

One of the lessons to learn from the sandbox feature in Tcl is that merely
disallowing commands as »unsafe« doesn't quite cut it -- it is useful (and
often necessary) to be able to execute nominally »unsafe« commands under
carefully controlled circumstances (think of it as »user mode« vs. »kernel
mode«). Tcl distinguishes between »safe interpreters« and »trusted
interpreters«. In safe interpreters, potentially-dangerous commands are
»hidden« and cannot be used in programs running in the safe interpreter;
commands in a safe interpreter can »trap« into a trusted interpreter to do
unsafe things (where the trusted interpreter will presumably check any
arguments very carefully), and hidden commands in a safe interpreter can be
invoked from a trusted interpreter.

Personally I would much rather see arch »librified« rather than endowed with a
VM and programming language all of its own (a Tcl/Tk binding would be nice).
However, since Tom says what will happen, I just hope that the VM changes
will also indeed accelerate the librification.

Anselm
--
Anselm Lingnau ... Linup Front GmbH ... Linux-, Open-Source- & Netz-Schulungen
Linup Front GmbH, Robert-Bosch-Strasse 7, 64293 Darmstadt, Germany
address@hidden, +49(0)6151-9068-852, Fax -854, www.linupfront.de
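
The safe/trusted interpreter split described in the message above, shown as an added Tcl example that is not part of the original message: a hidden command fails inside the safe interpreter, an alias traps into a trusted proc that checks its argument, and the trusted side invokes a hidden command in the child. The names child, read_note, trusted_read_note and the sandbox-notes directory are assumptions made for the illustration.

```tcl
# Added illustration, not from the original message. All names here (child,
# read_note, trusted_read_note, sandbox-notes) are hypothetical.
package require Tcl 8.5

# Constructed sample data: one file that sandboxed code is allowed to read.
set notesDir [file join [pwd] sandbox-notes]
file mkdir $notesDir
set fh [open [file join $notesDir hello.txt] w]
puts $fh "hello from the trusted side"
close $fh

# Safe interpreter: open, exec, file, socket, pwd, ... exist but are hidden.
set child [interp create -safe]

# 1. Code running in the safe interpreter cannot call a hidden command.
set rc [catch {interp eval $child {open hello.txt r}} err]
puts "open inside sandbox:  rc=$rc ($err)"

# 2. The "trap": this proc runs in the trusted interpreter and checks its
#    argument before touching the file system on the sandbox's behalf.
proc trusted_read_note {dir name} {
    # Plain file names only: no separators, no leading "." or "~".
    if {![regexp {^[A-Za-z0-9_][A-Za-z0-9_.-]*$} $name]} {
        error "refused: \"$name\" is not a plain note name"
    }
    set fh [open [file join $dir $name] r]
    set data [read -nonewline $fh]
    close $fh
    return $data
}
# The alias makes read_note callable in the child; it fixes $notesDir as the
# first argument so sandboxed code cannot choose the directory.
interp alias $child read_note {} trusted_read_note $notesDir

puts "read_note hello.txt:  [interp eval $child {read_note hello.txt}]"
set rc [catch {interp eval $child {read_note ../outside.txt}} err]
puts "read_note traversal:  rc=$rc ($err)"

# 3. The trusted interpreter can still invoke a command hidden in the child.
puts "invokehidden pwd:     [interp invokehidden $child pwd]"

interp delete $child
file delete -force $notesDir
```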