>>>>> "Brent" == Brent Dax <[EMAIL PROTECTED]> writes:
> I don't see why Parrot couldn't do much of this. It can
> certainly audit allocations made through its own
> memory-allocation system, and with only a little help from the
> system it should be able to audit its processor usage as well
> (at least within Parrot bytecode). I'm not sure about disk
> space usage, but that's a pretty OS-level thing anyway.
Shouldn't this be doable by starting a separate 'restricted
interpreter' within the process that is given a limit on the number of
bytecodes it can run and amount of memory it can allocate? As far as I
can see, this would achieve the primary goals of restriction
(throttling CPU/memory use). Filesystem usage can be controlled
through a restricted file API, so that shouldn't be a very low-level
concern.
A system that might be worth examining is Darius Bacon's "idel", a
small VM designed for running untrusted code.
http://www.accesscom.com/~darius/software/idel/
msg26695/pgp00000.pgp
Description: PGP signature
