On Tue, Jan 28, 2003 at 10:39:33AM -0600, Joseph Guhlin wrote:
> Pardon my ignorance on the whole issue but I'm just a lurker trying to 
> understand enough to help out. =)
> I know security on parrot like this would be difficult, and this thread 
> is specifically about securing PASM, but what about something like 
> FreeBSD's 'jail' command built in? That way, even untrusted code could 
> possibly be set (somewhere in the parrot configuration, compile time, 
> command line, environment, etc...) to be jailed. The man pages are here:

The fun bit is getting information in and out of the jail. ie. you trust
a module but not one of its derived classes.... Also, you might wish to
note that both jail(2) and chroot(2) need to be called by the super-user.

The reason you can't do a jail entirely within Parrot is that the moment
you link to any native code, all bets are off, and you're reliant on
what the kernel allows you to do. Parrot can no longer control it.

It seems to me that the linking with native code is going to end up
being one that most people switch on, because it will be necessary
and/or useful in getting anything done.

MBM

-- 
Matthew Byng-Maddick         <[EMAIL PROTECTED]>           http://colondot.net/
