Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")
From: Andrew Suffield
Subject: Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")
Date: Wed, 7 Jul 2004 17:08:04 +0100
User-agent: Mutt/1.5.6+20040523i
On Wed, Jul 07, 2004 at 08:56:50AM -0700, Tom Lord wrote:
> > From: Anselm Lingnau <address@hidden>
>
> > Jeremy Shaw wrote:
>
> >> I think the basic model is, the VM will have some way to mark
> >> commands as safe or unsafe. There will also be a way to set
> >> which unsafe commands a program can run on a per program, per
> >> command basis. This would allow you to implement a large number
> >> of possible security policies...
>
> > Sandboxing at the VM level isn't easy to get right, as, e.g.,
> > the Java folks have found out to their chagrin.
>
> It might be helpful (to me at least) if you can report on what
> problems they've had and why you think those problems stem from
> sandboxing at the VM level rather than in some other way.

There are two ways to do it: complete segregation of behaviour, which
makes it extremely difficult to do anything useful (an applet that
cannot do IO, except via the browser UI, is of limited value), and
partial segregation, where different bits of code have different
access rights and can call each other across access boundaries. Java
does the latter. It's *really* hard to get right.

What Java discovered was that to do really useful sandboxing in the
real world, you need to do it the hard way. They also discovered that
it was really hard, and that they hadn't got it right
(repeatedly). And Java's still growing at an exponential rate
(codebase roughly doubles at each release).

Throw in code signing and fine-grained access control (not just
"trusted"/"untrusted"), and it gets even harder. They got those wrong
too.
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -><- |
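The "partial segregation" model Andrew describes above, where code units with different rights call each other across access boundaries and a Java-style stack walk decides whether an unsafe command may proceed, as an added example that is not part of the original post, the arch VM, or Java's own implementation. Everything here is hypothetical: the `unit` tag, the `privileged` flag (standing in for the role of Java's `doPrivileged`), the `check` stack walk, and the `write_file` "unsafe command" are all invented for the illustration, and `FILES` is a constructed stand-in for a filesystem. The point it shows is the one the post makes: the access check itself can be correct and the system still leak authority, because a trusted unit that stops the stack walk while acting on caller-supplied data becomes a confused deputy.

```python
# Toy model of "partial segregation" sandboxing with stack inspection.
# Added example for this thread; not code from the arch VM or from Java.
# All names (unit, privileged, check, write_file, FILES, ...) are made up.

from functools import wraps

FILES = {}      # constructed stand-in for the filesystem
_stack = []     # the VM's view of the active code units, innermost last


class AccessDenied(PermissionError):
    pass


def unit(*perms, privileged=False):
    """Tag a function as a code unit holding `perms`.

    A privileged unit vouches for whoever called it: the stack walk
    stops there instead of inspecting its (possibly untrusted) callers.
    """
    def deco(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            _stack.append(wrapper)
            try:
                return fn(*args, **kwargs)
            finally:
                _stack.pop()
        wrapper.perms = frozenset(perms)
        wrapper.privileged = privileged
        return wrapper
    return deco


def check(perm):
    """Walk from the innermost unit outwards.

    Every unit must hold `perm` until a privileged unit is reached;
    the first unit lacking it denies the whole call. An empty stack
    means top-level VM code, which is treated as fully trusted.
    """
    for u in reversed(_stack):
        if perm not in u.perms:
            raise AccessDenied(f"{u.__name__} lacks {perm!r}")
        if u.privileged:
            return


def write_file(path, data):
    """The 'unsafe command' that every write is funnelled through."""
    check("write")
    FILES[path] = data
    return path


# --- trusted code: holds "write" and offers a service to plugins ---

@unit("write", privileged=True)
def export_leaky(path, data):
    # Bug: the caller chooses the path, and privilege stops the walk here,
    # so an untrusted caller writes anywhere through this trusted unit.
    return write_file(path, data)


@unit("write", privileged=True)
def export_safe(name, data):
    # Fix: the trusted side decides where the write lands; the caller
    # only names a file inside the export directory.
    if "/" in name or name.startswith("."):
        raise ValueError("bad export name")
    return write_file("/var/export/" + name, data)


# --- untrusted code: holds no permissions at all ---

@unit()
def plugin_direct():
    return write_file("/etc/passwd", "pwned")       # denied by the walk


@unit()
def plugin_via_leaky():
    return export_leaky("/etc/passwd", "pwned")     # allowed: confused deputy


@unit()
def plugin_via_safe():
    return export_safe("report.txt", "ok")          # allowed, but confined


def run(fn):
    """Run a unit and report ('ok', path) or ('denied', reason)."""
    try:
        return ("ok", fn())
    except AccessDenied as e:
        return ("denied", str(e))


if __name__ == "__main__":
    for f in (plugin_direct, plugin_via_leaky, plugin_via_safe):
        print(f.__name__, run(f))
```

The `plugin_direct` case is the part a VM designer usually gets right: the walk sees the untrusted unit on the stack and refuses. `plugin_via_leaky` is the failure mode that makes this model hard: the permission check is sound, every unit is tagged correctly, and the write still happens, because the boundary crossing has to be audited for what the trusted side does with data it was handed, not just for who holds which right.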