Just curious, has anyone ever had any discussion regarding a 'security-aware'
Perl model? Some issues have recently ended up on my desk, and I been having
some preliminary thoughts on the subject. It would be nice to be able to set
some rules for what Perl is allowed to do on a server without
This looks like a good link on Java security model:
http://www.emu.edu.tr/edufacil/compcent/bookslib/Java,%20by%20Michael%20Morrison,%20Second%20Edition/ch35.htm
Though I must admit that it looks suspicious to have a whole book
online like that...
--
$jhi++; # http://www.iki.fi/jhi/
#
At 10:13 AM 2/23/2001 -0600, Jarkko Hietaniemi wrote:
This looks like a good link on Java security model:
http://www.emu.edu.tr/edufacil/compcent/bookslib/Java,%20by%20Michael%20Morrison,%20Second%20Edition/ch35.htm
Though I must admit that it looks suspicious to have a whole book
online like
At 07:12 AM 2/23/2001 -0500, wiz wrote:
Just curious, has anyone ever had any discussion regarding a 'security-aware'
Perl model? Some issues have recently ended up on my desk, and I been having
some preliminary thoughts on the subject. It would be nice to be able to set
some rules for what Perl
On Fri, Feb 23, 2001 at 10:26:14AM -0500, Dan Sugalski wrote:
At 07:12 AM 2/23/2001 -0500, wiz wrote:
Just curious, has anyone ever had any discussion regarding a 'security-aware'
Perl model? Some issues have recently ended up on my desk, and I been having
some preliminary thoughts on the
Jarkko Hietaniemi [EMAIL PROTECTED] chipped in:
On Fri, Feb 23, 2001 at 10:26:14AM -0500, Dan Sugalski wrote:
At 07:12 AM 2/23/2001 -0500, wiz wrote:
Just curious, has anyone ever had any discussion regarding a
'security-aware'
Perl model? Some issues have recently ended up on my desk,
I actually have some ideas:
(Apache was a bad example. Sendmail would probably be a better model.)
o Scripts are only executable if listed in 'perl.cf'
o Web/CGI scripts are listed in 'cgi.cf'
o Other specific conditionals(?):
o Execute if $ENV{REMOTE_USER}/$user is defined/valid
That's somewhat along the lines that I'm thinking. It would have to be
Perl-core. I was also thinking from the standpoint of command-line stuff as
well (there are any number of ways to launch perl that aren't relative to cgi).
As far as the Java Model, I plan on taking a look at it over the
#
# PerlSec.txt - Early definition of a Perl security model
# Grant Mongardi 02/23/2001
#
# Description:
#This file contains general thoughts and ideas for a
#Security model for Perl. It would likely be builtin
#to the binary, and would be a PERL run-time loaded
#
I just went through the Java Document quickly, and came up with these notes.
The document is pretty old, so I'll go over the security section in my Java2
book over the weekend. Some of these may actually change my original doc. I'll
update it as I get a chance. ('SecMgr' is short for Security
At 11:59 AM 2/23/2001 -0500, wiz wrote:
This is a start, which is very good, but I'm pretty sure that this is
taking things from the wrong angle to some extent.
In general, if everyone's mostly familiar with just Unix's security model
I'd really, *really* urge you to read up on other models.
I agree about the CGI stuff, as the username should always be the same
anyway, so it can be defined separately for that user. I do believe that we
need to at least take CGI scripts into account, however.
Some questions:
1. you wrote: "Generally speaking we ought to have the capability to
At 04:25 PM 2/23/2001 -0500, wiz wrote:
I agree about the CGI stuff, as the username should always be the same
anyway, so it can be defined separately for that user. I do believe that we
need to at least take CGI scripts into account, however.
I think if we take CGI scripts specifically into
I don't quite understand what is the intention here. Most of
C garbage collector is mark sweep based. It has all common
problems of gc, for example non-deterministic finalization
(destruction), or conservativeness. If we decide to use
GC for Perl, it will be trivial to implement a simple
mark
[EMAIL PROTECTED] wrote:
But we can run an experiment. Warnings can be made default for the
first few releases of Perl 6 and we'll see what happens. If it looks
good, leave them on. If not, shut them off. Unlike most other
features, this one doesn't have any serious backwards
On Fri, 23 Feb 2001, Nathan Wiger wrote:
[EMAIL PROTECTED] wrote:
But we can run an experiment. Warnings can be made default for the
first few releases of Perl 6 and we'll see what happens. If it looks
Ummm, I'm not too sure about this. There are, actually, backwards
I think I see where you are coming from on the issue of CGI. I think that
although we are approaching it from different angles, we are somewhat on the
same track. I say "Content-Length", you say "memory limits". What I am trying
to say (although I've never been really good at explaining
Dear Hong,
This was actually a reply to a posted link for a C/C++ replacement GC
(http://www.hpl.hp.com/personal/Hans_Boehm/gc/), not the default GC from any
particular C package.
Grant M.
18 matches
Mail list logo