Hi,

I've been thinking about how to run untrusted code,
without having to audit every line, or use some sort of sandbox,
and was wondering if Parrot could provide a Mandatory Access
Control mechanism (à la SE Linux/Flask).

When assembling Parrot, the assembler could either look in a 
file or a Perl BEGIN type block containing a list of access 
requests along the lines of:

  syscall time
  read-write directory /tmp
  listen socket 80
  connect socket 25
  read-write file /etc/shadow


These commands should be easy/quick to audit, could be easily
generated by a higher-level language compiler from similar 
directives in whichever language it is compiling, and Parrot 
would guarantee that only these system privileges were 
provided.

As a sysadmin I'd certainly be grateful to have a small
block to audit and be certain of what a module/program could
do to my system.

If people think something like this would be useful, I'd be
more than happy to research this further and try to come up
with some code...


Cheers,
Tom
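
A sketch of how the access-request list in the post could be parsed and checked with a default-deny rule, added here as an illustration (not code from the post or from Parrot). The function names, the "call", "read" and "write" request names, and the strict two- or three-word grammar are assumptions made for this example.

```python
import posixpath

# Constructed sample: the access-request list from the post.
MANIFEST = """\
syscall time
read-write directory /tmp
listen socket 80
connect socket 25
read-write file /etc/shadow
"""
# Assumed grammar: "syscall NAME" or "ACTION KIND TARGET", nothing else.
KINDS = {"read-write": ("file", "directory"),
         "listen": ("socket",), "connect": ("socket",)}

def parse_manifest(text):
    """Return a set of (action, kind, target) grants; reject unknown lines."""
    grants = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if not words:
            continue
        if len(words) == 2 and words[0] == "syscall":
            grants.add(("call", "syscall", words[1]))
        elif len(words) == 3 and words[1] in KINDS.get(words[0], ()):
            action, kind, target = words
            # Ports become ints (ValueError if not numeric); paths are normalised.
            target = int(target) if kind == "socket" else posixpath.normpath(target)
            grants.add((action, kind, target))
        else:
            raise ValueError(f"line {lineno}: unrecognised request {line!r}")
    return grants

def allowed(grants, action, kind, target):
    """Default deny: True only when some grant covers the requested operation."""
    if kind not in ("file", "directory"):
        return (action, kind, target) in grants
    path = posixpath.normpath(target)  # collapse ".." before matching
    if not path.startswith("/"):
        return False  # relative paths are refused rather than guessed at
    for g_action, g_kind, g_target in grants:
        # "read" and "write" requests are assumed to be covered by "read-write".
        if g_action != action and not (g_action == "read-write" and action in ("read", "write")):
            continue
        if g_kind == kind == "file" and g_target == path:
            return True
        # A directory grant covers the directory and everything beneath it.
        if g_kind == "directory" and (path + "/").startswith(g_target.rstrip("/") + "/"):
            return True
    return False
```

The check is lexical only: a real enforcement point would also have to resolve symlinks at open time, which this sketch does not attempt.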
