On Tue, Jan 28, 2003 at 09:24:20AM -0800, Brent Dax wrote:
> Christopher Armstrong:
> # One other thing to think about is resource limits. It'd be nice to not
> # require `ulimit' or whatever system-specific resource limitation
> # mechanism, but rather rely on the parrot interpreter to
> # baby-sit. Also, it'd make catching these resource-limit violations
> # much more convenient; an exception could be raised (or, e.g., the rate
> # at which bytecodes are executed could be throttled), rather than
> # simply rudely killing the process. For what I want to do, it's not
> # really required, and it's not really relevant to the type of security
> # we're discussing here, but it would still be very, very useful.
>
> I don't see why Parrot couldn't do much of this. It can certainly audit
> allocations made through its own memory-allocation system, and with only
> a little help from the system it should be able to audit its processor
> usage as well (at least within Parrot bytecode). I'm not sure about
> disk space usage, but that's a pretty OS-level thing anyway.

Cool. I'm really only concerned about CPU and memory usage, as I'd never
allow plain file I/O to my untrusted code -- just application-level APIs
for doing specific things that might access the disk.

--
 Twisted | Christopher Armstrong: International Man of Twistery
  Radix  | Release Manager, Twisted Project
---------+ http://twistedmatrix.com/users/radix.twistd/
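
The interpreter-side accounting discussed in this thread, sketched as an added example that is not part of the original messages and is not Parrot code. It is a toy bytecode loop (opcode names, limits and class names are assumptions) that charges each instruction and each allocation against a budget and raises a catchable exception rather than relying on `ulimit' to kill the process.

```python
class ResourceLimitExceeded(Exception):
    """Raised by the VM itself, so the host can catch it and carry on."""


class MeteredVM:
    """Hypothetical toy VM: every op and every allocation is audited."""

    def __init__(self, max_ops, max_cells):
        self.max_ops, self.max_cells = max_ops, max_cells
        self.ops = 0      # instructions executed so far (CPU proxy)
        self.cells = 0    # cells handed out by the VM's own allocator
        self.stack = []

    def _charge_op(self):
        self.ops += 1
        if self.ops > self.max_ops:
            raise ResourceLimitExceeded("cpu: op budget exhausted")

    def _alloc(self, n):
        # Check before allocating, so the host never holds the extra memory.
        if self.cells + n > self.max_cells:
            raise ResourceLimitExceeded("memory: allocation budget exhausted")
        self.cells += n
        return [0] * n

    def run(self, program):
        pc = 0
        while pc < len(program):
            self._charge_op()          # metered on every dispatch, loops included
            op, arg = program[pc]
            if op == "push":
                self.stack.append(arg)
            elif op == "alloc":
                self.stack.append(self._alloc(arg))
            elif op == "jmp":
                pc = arg
                continue
            elif op == "halt":
                break
            else:
                raise ValueError(f"unknown op {op!r}")
            pc += 1


def run_untrusted(program, max_ops=1000, max_cells=4096):
    """Run a program under limits; return 'ok' or the violation message."""
    try:
        MeteredVM(max_ops, max_cells).run(program)
        return "ok"
    except ResourceLimitExceeded as exc:
        return str(exc)
```

The same dispatch hook is where throttling would go: sleeping or yielding every N charged ops instead of raising.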