I have always longed for a more flexible security
system that could limit what a part of code could do
in Perl. 

In perl5 Safe.pm (and Safe::Hole) have serious
limitations and problems since it is difficult to have
the security-limited code (that executes in a safe
compartment) use packages or interact with code
outside the compartment: Safe is not reentrant and
Perl dies with a segfault if safe code calls a
shared function that in turn calls a different Safe
compartment. That makes it difficult if not impossible
to build a perl program that could run code from
different users securely (web applications, servlets,
user-submitted libraries, a programmable perl MUD,
perlemacs...).

I have been a lazy lurker and have not provided an RFC
or a thread before since I assumed others would have
the same problem and would do the job much more
competently.

However since I could find no such topics in the RFCs
and the Parrot mailing lists, I decided to start some
action.

I believe Perl6 needs a facility to run
"compartmented" code (object-oriented and
module-loading) that is tagged as to its permissions
and "owner" ID. The goal would be to let such code use
harmful actions only by calling permitted outside
functions that implement permission checks before
calling potentially harmful code.

That would mean a piece of user-submitted code closed
in a secured compartment could use a limited subset of
the language (or parrot bytecodes) and some specially
permitted (shared) functions and method calls outside
the compartment. Those functions/methods should be able to
call code in other compartments (or the same
compartment). In this way, code outside the
compartment could provide permission-controlled secure
access to system facilities and other compartments.
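As an added example (not code from the original post), here is the
permission-checked gatekeeper pattern described above, done with
perl5's Safe.pm: untrusted code runs in a compartment tagged with an
owner ID, its default opcode mask forbids direct file and system
access, and the only privileged operations it can reach are shared
functions that consult a permission table first. The document store,
permission table and owner names are constructed for the example. It
deliberately stays within a single compartment and does not address
the nested-compartment reentrancy problem described earlier in the
post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Constructed data: a tiny in-memory document store and a permission
# table keyed by owner ID. Both are hypothetical, for this example only.
my %documents   = ( 'notes.txt' => "hello from the store\n" );
my %permissions = (
    alice => { read => 1, write => 1 },
    bob   => { read => 0, write => 0 },
);

# Owner ID of the compartment currently executing. run_as() sets it with
# local(); compartment code cannot change it because the compartment's
# own $current_owner lives in its private root namespace, not in main::.
our $current_owner = 'nobody';

# Gatekeepers: the only shared entry points into the document store.
# Each checks the caller's permission before touching anything.
sub read_doc {
    my ($name) = @_;
    die "permission denied: $current_owner may not read\n"
        unless $permissions{$current_owner}{read};
    die "no such document: $name\n" unless exists $documents{$name};
    return $documents{$name};
}

sub write_doc {
    my ($name, $text) = @_;
    die "permission denied: $current_owner may not write\n"
        unless $permissions{$current_owner}{write};
    $documents{$name} = $text;
    return length $text;
}

# Run untrusted $code in a fresh Safe compartment tagged with $owner.
# Safe's default opcode mask already forbids open, system, backticks
# and friends; the only way out is through the shared gatekeepers.
sub run_as {
    my ($owner, $code) = @_;
    my $cpt = Safe->new;
    $cpt->share('&read_doc', '&write_doc');
    local $current_owner = $owner;
    my $result = $cpt->reval($code);
    return ($result, $@);    # $@ carries a gatekeeper or opmask error
}

# Usage with constructed cases: permitted read, denied read, an attempt
# to forge the owner tag from inside the compartment, and a direct
# open() that the opcode mask traps at compile time.
for my $case (
    [ alice => q{ read_doc('notes.txt') } ],
    [ bob   => q{ read_doc('notes.txt') } ],
    [ bob   => q{ $current_owner = 'alice'; read_doc('notes.txt') } ],
    [ alice => q{ open(my $fh, '<', 'secret.txt') } ],
) {
    my ($owner, $code) = @$case;
    my ($result, $err) = run_as($owner, $code);
    chomp( my $msg = $err ? "ERROR: $err" : "ok: $result" );
    printf "%-5s %-55s => %s\n", $owner, $code, $msg;
}
```

The forged-owner case works because reval compiles the code in the
compartment's own root package, so its `$current_owner` is a different
variable from the `$main::current_owner` the gatekeepers consult.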

Such functionality would be enough for implementation
of secure servlets, web/server/cluster user-submitted
jobs and perl-based programmable multiuser
environments such as MUDs/MUSHes, chatting and
programming centers etc.

Perhaps the source-info in the Parrot subsystem that
is supposed to help in error-message generation could
be extended to provide context for compartments, and
some sort of bytecode filters combined with
parser/compiler filters could limit the compartmented
code.

Is anyone interested? My coding (in)abilities forbid
me to actually create patches, of course...
