Dear Hong,
This was actually a reply to a posted link for a C/C++ replacement GC
(http://www.hpl.hp.com/personal/Hans_Boehm/gc/), not the default GC from any
particular C package.
Grant M.
I think I see where you are coming from on the issue of CGI. I think that
although we are approaching it from different angles, we are somewhat on the
same track. I say "Content-Length", you say "memory limits". What I am trying
to say (although I've never been really good at explaining myself)
I don't quite understand what is the intention here. Most of
C garbage collector is mark sweep based. It has all common
problems of gc, for example non-deterministic finalization
(destruction), or conservativeness. If we decide to use
GC for Perl, it will be trivial to implement a simple
mark swe
At 04:25 PM 2/23/2001 -0500, wiz wrote:
>I agree about the CGI stuff, as the username should always be the same
>anyway, so it can be defined separately for that user. I do believe that we
>need to at least take CGI scripts into account, however.
I think if we take CGI scripts specifically in
I agree about the CGI stuff, as the username should always be the same
anyway, so it can be defined separately for that user. I do believe that we
need to at least take CGI scripts into account, however.
Some questions:
1.> you wrote: "Generally speaking we ought to have the capability to us
At 11:59 AM 2/23/2001 -0500, wiz wrote:
This is a start, which is very good, but I'm pretty sure that this is
taking things from the wrong angle to some extent.
In general, if everyone's mostly familiar with just Unix's security model
I'd really, *really* urge you to read up on other models. Th
I just went through the Java Document quickly, and came up with these notes.
The document is pretty old, so I'll go over the security section in my Java2
book over the weekend. Some of these may actually change my original doc. I'll
update it as I get a chance. ('SecMgr' is short for Security Mana
#
# PerlSec.txt - Early definition of a Perl security model
# Grant Mongardi 02/23/2001
#
# Description:
#This file contains general thoughts and ideas for a
#Security model for Perl. It would likely be builtin
#to the binary, and would be a PERL run-time loaded
#confi
At 10:13 AM 2/23/2001 -0600, Jarkko Hietaniemi wrote:
>This looks like a good link on Java security model:
>
>http://www.emu.edu.tr/edufacil/compcent/bookslib/Java,%20by%20Michael%20Morrison,%20Second%20Edition/ch35.htm
>
>Though I must admit that it looks suspicious to have a whole book
>online l
That's somewhat along the lines that I'm thinking. It would have to be
Perl-core. I was also thinking from the standpoint of command-line stuff as
well (there are any number of ways to launch perl that aren't relative to cgi).
As far as the Java Model, I plan on taking a look at it over the wee
This looks like a good link on Java security model:
http://www.emu.edu.tr/edufacil/compcent/bookslib/Java,%20by%20Michael%20Morrison,%20Second%20Edition/ch35.htm
Though I must admit that it looks suspicious to have a whole book
online like that...
--
$jhi++; # http://www.iki.fi/jhi/
#
Jarkko Hietaniemi <[EMAIL PROTECTED]> chipped in:
> On Fri, Feb 23, 2001 at 10:26:14AM -0500, Dan Sugalski wrote:
> > At 07:12 AM 2/23/2001 -0500, wiz wrote:
> > >Just curious, has anyone ever had any discussion regarding a
'security-aware'
> > >Perl model? Some issues have recently ended up on m
I actually have some ideas:
(Apache was a bad example. Sendmail would probably be a better model.)
o Scripts are only executable if listed in 'perl.cf'
o Web/CGI scripts are listed in 'cgi.cf'
o Other specific conditionals(?):
o Execute if $ENV{REMOTE_USER}/$user is defined/valid
On Fri, Feb 23, 2001 at 10:26:14AM -0500, Dan Sugalski wrote:
> At 07:12 AM 2/23/2001 -0500, wiz wrote:
> >Just curious, has anyone ever had any discussion regarding a 'security-aware'
> >Perl model? Some issues have recently ended up on my desk, and I been having
> >some preliminary thoughts on t
At 07:12 AM 2/23/2001 -0500, wiz wrote:
>Just curious, has anyone ever had any discussion regarding a 'security-aware'
>Perl model? Some issues have recently ended up on my desk, and I been having
>some preliminary thoughts on the subject. It would be nice to be able to set
>some rules for what Pe
Just curious, has anyone ever had any discussion regarding a 'security-aware'
Perl model? Some issues have recently ended up on my desk, and I been having
some preliminary thoughts on the subject. It would be nice to be able to set
some rules for what Perl is allowed to do on a server without havi
16 matches
Mail list logo
