> At any rate, perl 5's Safe module is a good example of the Wrong Way
> to do security, and as such we're going to take it as a cautionary
> tale rather than a template. For security I want to go with an
> explicit privilege model with privilege checking in parrot's
> internals, rather than counting on op functions to Do The Right
> Thing. That means that IO restrictions are imposed by the IO code,
> not the IO ops, and suchlike stuff. Generally speaking, we're going
> to emulate the VMS quota and privilege system, as it's reasonably
> good as these things go.

For people who are wondering what Dan has got in his pipe today:

http://www.sans.org/rr/papers/22/604.pdf

And here a bit about quotas:

http://h71000.www7.hp.com/DOC/72final/5841/5841pro_028.html#58_quotasprivilegesandprotecti

(I swear I didn't make up the URL, HP did)

> If we're going to tackle this, though, we need to pull in some folks
> who're actually competent at it before we do more than handwave about
> the design.