Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
parrot.dev
Home
+ new post
About this group
Join this group
Message from discussion Student Introduction and Possible Proposal
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Moritz Lenz  
View profile  
 More options Apr 3 2012, 3:46 am
From: Moritz Lenz <mor...@faui2k3.org>
Date: Tue, 03 Apr 2012 09:46:21 +0200
Local: Tues, Apr 3 2012 3:46 am
Subject: Re: Student Introduction and Possible Proposal
Print | View thread | Show original | Report this message | Find messages by this author
Hello Justin,

welcome to the Parrot project, and thanks for your email.

Am 02.04.2012 18:47, schrieb Justin L. Harper:

> After further
> talks with @whiteknight and  @benabik I headed into the direction of
> proposing the Security Sandboxing project. It is a project that can be
> extended or shortened depending on time and possible constraints.

As a developer of a downstream project (Rakudo), I'd be very interested
to see such a project implemented.

>  The
> over all goal of the project is to develop an interface that allows
> the parent to set permissions on the child but not allow the child to
> alter its own permissions.

There's no reason the child wouldn't be allowed to tighten its own
security -- it just can't loosen it. In fact that's the model that UNIX
systems use for things such as process priority (the "nice" value)

> If anyone has possible ideas
> or suggestions towards this project I am open to any and all ideas.

PDD 18 [1] describes the high-level goals and mechanism. A GSoC project
surely isn't enough to implement all of it, but having *something* would
be a good start.

Another good source for inspiration is prior art in linux. There is the
ptrace mechanism for intercepting system calls [2], and selinux for
capability-based access control [3].

I haven't spent too much time thinking about the security system, so
take the following with a grain of salt.
I think the best approach to getting results fast is to implement
something like ptrace, where possibly dangerous operations (memory
allocations, IO, ...) trigger a callback, and that callback can then
allow or forbid the operation. For performance reasons it might make
sense to allow or forbid some operations right away without any
callback, but I guess that's only a second step.

Once such a system is in place, you can write a capability-based system
on top of that.

[1]
http://docs.parrot.org/parrot/devel/html/docs/pdds/pdd18_security.pod...
[2] http://www.linuxjournal.com/article/6100
[3] https://en.wikipedia.org/wiki/Security-Enhanced_Linux

> I
> look forward to proposing and hopefully working on this project. Have
> a great day!

And I look forward to see the actual project proposal and the code :-).

Remember that the application deadline is the upcoming Friday, so don't
waste any time.

Cheers,
Moritz
_______________________________________________
http://lists.parrot.org/mailman/listinfo/parrot-dev


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google