>>>>> "Brent" == Brent Dax <[EMAIL PROTECTED]> writes:
> I don't see why Parrot couldn't do much of this. It can > certainly audit allocations made through its own > memory-allocation system, and with only a little help from the > system it should be able to audit its processor usage as well > (at least within Parrot bytecode). I'm not sure about disk > space usage, but that's a pretty OS-level thing anyway. Shouldn't this be doable by starting a separate 'restricted interpreter' within the process that is given a limit on the number of bytecodes it can run and amount of memory it can allocate? As far as I can see, this would achieve the primary goals of restriction (throttling CPU/memory use). Filesystem usage can be controlled through a restricted file API, so that shouldn't be a very low-level concern. A system that might be worth examining is Darius Bacon's "idel", a small VM designed for running untrusted code. http://www.accesscom.com/~darius/software/idel/
msg26695/pgp00000.pgp
Description: PGP signature