On 24/03/2004, at 6:38 AM, Dan Sugalski wrote:
At any rate, perl 5's Safe module is a good example of the Wrong Way to do security, and as such we're going to take it as a cautionary tale rather than a template. For security I want to go with an explicit privilege model with privilege checking in parrot's internals, rather than counting on op functions to Do The Right Thing. That means that IO restrictions are imposed by the IO code, not the IO ops, and suchlike stuff. Generally speaking, we're going to emulate the VMS quota and privilege system, as it's reasonably good as these things go.
If we're going to tackle this, though, we need to pull in some folks who're actually competent at it before we do more than handwave about the design.
This is a question without a simple answer, but does Parrot provide an infrastructure so that it would be possible to have proof-carrying[1] Parrot bytecode?
In the general sense, no. The presence of eval and the dynamic nature of the languages we're looking at pretty much shoots down most of the provable bytecode work. Unfortunately.
--
Dan
--------------------------------------"it's like this"-------------------
Dan Sugalski even samurai
[EMAIL PROTECTED] have teddy bears and even
teddy bears get drunk
