On Mon, Jan 26, 2009 at 09:15:38PM +1100, Adam Kennedy wrote: > Unfortunately, any configuration language would eventually trend > towards being turing complete, and thus the final end-point for the > configuration language ends up with us just using Perl for the > mini-language :)
I thought "yes, but Perl has side effects, which means security holes, whereas a mini language could be constrained that it has no side effects - its given fixed input about the environment, and the only output is an end state data structure." The only risk from that is a denial of service from using too much CPU or RAM? Which means monitor both. But then I thought that it *still* isn't useful, as the very task that the configure system wants to do is inspect the installed system its running on, which means that it will always end up wanting a bit more input state. And even providing read-only access to a file system isn't enough, as pretty soon someone wants to know "does this code compile against that library?" and so a sandboxed language doesn't fulfill the tasks required of it. Nicholas Clark
