At 11:41 AM +0000 1/28/03, Thomas Whateley wrote:
> Hi,
>
> I've been thinking about how to run un-trusted code,
> without having to audit every line, or use some sort of sandbox,
> and was wondering if Parrot could provide a Mandatory Access
> Control mechanism (ala SE Linux/Flask).

Ah, I've been hoping to avoid this for a while for sheer, screaming lack of tuits, but... Here's the deal for 'safe mode'. (For background, as everyone in the Unix world seems to be happy reinventing security wheels, surf over to the VMS doc site at http://www.openvms.compaq.com/doc, and the VMS system security manual specifically at either http://www.openvms.compaq.com/doc/731FINAL/6346/6346PRO.HTM or http://www.openvms.compaq.com/doc/731FINAL/DOCUMENTATION/PDF/OVMS_731_SYS_SEC.PDF)

Posits:
*) We may potentially put in resource quotas. This includes time, memory, CPU usage, I/O requests, and I/O bytes
*) We may be running untrustworthy code which will try and subvert the interpreter
*) We may potentially put in access controls which restrict what code can do
*) Embedders may want to intercept all file IO calls anyway

So, here are the facilities we're going to build.

*) There'll be an alternate set of opcodes that validate their parameters, so no sneaky trying to access register 554, or branching off the end of the world.

*) There'll be a set of 'privileges' of some sort (call 'em capabilities or whatever) and to do various tasks will require that you have an appropriate privilege

*) You will be able to load in external code (and I realize that there is the general "Hit C and all bets are off" rule). External modules will have the potential to have trust rights attached to them so we can mark C things that are actually safe as loadable, or loadable in certain circumstances

*) Code segments can be granted temporarily elevated privs, presumably being done for code that's been audited and deemed safe

*) Data will be marked as tainted if it comes from an external source for perl/ruby style taint checking
--
Dan

--------------------------------------"it's like this"-------------------
Dan Sugalski even samurai
[EMAIL PROTECTED] have teddy bears and even
teddy bears get drunk
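As an added illustration (this is not Parrot code and not part of the post above), the following toy register VM in Python models the facilities Dan lists: a validating opcode set that refuses out-of-range registers and branch targets, an instruction quota standing in for resource limits, a privilege check on I/O opcodes, taint marking of data read from outside the interpreter, and a way to run an audited segment with temporarily elevated privileges. Every name here (`Interp`, `run`, `run_elevated`, the opcode names and the privilege strings) is an assumption of this example, and the input lines are constructed.

```python
from dataclasses import dataclass, field

NUM_REGS = 8          # register file size of this toy VM (constructed)
STEP_QUOTA = 1000     # instruction quota, standing in for CPU/time limits


class SafeModeViolation(Exception):
    """Raised by a validating opcode when untrusted code steps out of bounds."""


@dataclass
class Value:
    data: object
    tainted: bool = False   # set when the data came from outside the interpreter


@dataclass
class Interp:
    privs: set                       # privileges (capabilities) held by the running code
    stdin: list                      # constructed input lines; stands in for a file or socket
    regs: list = field(default_factory=lambda: [Value(0) for _ in range(NUM_REGS)])
    output: list = field(default_factory=list)
    steps: int = 0

    # --- validating helpers used by the 'safe' opcode set ---
    def reg(self, i):
        if not (0 <= i < NUM_REGS):
            raise SafeModeViolation(f"register {i} out of range")
        return i

    def need(self, priv):
        if priv not in self.privs:
            raise SafeModeViolation(f"privilege {priv!r} required")

    def check_quota(self):
        self.steps += 1
        if self.steps > STEP_QUOTA:
            raise SafeModeViolation("instruction quota exceeded")


def run(interp, code):
    """Execute `code` (a list of opcode tuples) with the validating opcode set."""
    pc = 0
    while True:
        interp.check_quota()
        if not (0 <= pc < len(code)):
            raise SafeModeViolation(f"branch target {pc} outside code segment")
        op, *args = code[pc]
        pc += 1
        if op == "set":                       # set Rd, const
            d, const = args
            interp.regs[interp.reg(d)] = Value(const)
        elif op == "add":                     # add Rd, Ra, Rb ; taint propagates to Rd
            d, a, b = args
            va, vb = interp.regs[interp.reg(a)], interp.regs[interp.reg(b)]
            interp.regs[interp.reg(d)] = Value(va.data + vb.data, va.tainted or vb.tainted)
        elif op == "readline":                # readline Rd ; needs io_read, result is tainted
            (d,) = args
            interp.need("io_read")
            line = interp.stdin.pop(0) if interp.stdin else ""
            interp.regs[interp.reg(d)] = Value(line, tainted=True)
        elif op == "print":                   # print Rs ; needs io_write, refuses tainted data
            (s,) = args
            interp.need("io_write")
            v = interp.regs[interp.reg(s)]
            if v.tainted:
                raise SafeModeViolation("tainted data reached an output operation")
            interp.output.append(str(v.data))
        elif op == "untaint":                 # untaint Rd ; only audited code holds this priv
            (d,) = args
            interp.need("untaint")
            interp.regs[interp.reg(d)].tainted = False
        elif op == "jmp":                     # jmp target ; validated at the top of the loop
            (pc,) = args
        elif op == "halt":
            return interp
        else:
            raise SafeModeViolation(f"unknown opcode {op!r}")


def run_elevated(interp, code, extra_privs):
    """Run an audited code segment with temporarily elevated privileges, then drop them."""
    saved = set(interp.privs)
    interp.privs = saved | set(extra_privs)
    try:
        return run(interp, code)
    finally:
        interp.privs = saved


def violation(interp, code):
    """Return the SafeModeViolation message for `code`, or None if it ran cleanly."""
    try:
        run(interp, code)
    except SafeModeViolation as e:
        return str(e)
    return None


if __name__ == "__main__":
    vm = Interp(privs={"io_read", "io_write"}, stdin=["hello"])   # constructed input
    print(violation(vm, [("readline", 0), ("print", 0), ("halt",)]))
    print(violation(Interp(privs=set(), stdin=[]), [("set", 554, 1), ("halt",)]))
```

The point the model makes is that the checks live in the opcodes, not in the program being run: untrusted code can name register 554 or jump to instruction 99, and the validating opcode set is what turns that into a clean failure instead of memory corruption or a runaway interpreter.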