Newsgroups: perl.perl6.internals
From: d...@sidhe.org (Dan Sugalski)
Date: Tue, 23 Mar 2004 14:38:00 -0500
Subject: Safety and security
Okay, we'll try this again... (darned cranky mail clients)

We've two big issues to deal with here--safety and security. While
related they aren't the same and there are different things that need
doing. As far as I can see, we need four things:

1) An oploop that checks branch destinations for validity

2) Opcodes that check their parameters for basic sanity--valid
register numbers (0-31) and basically correct (i.e. non-NULL) register
contents

3) An oploop that checks basic quotas, mainly run time

4) Opcodes that check to see if you can actually do the thing you've requested

#s 1&2 are safety issues. #2, specifically, can be dealt with by the
opcode preprocessor, generating op bodies that do validity checking.
#1 needs a bounds-checking runloop, which we mostly have already. I'm
comfortable getting this done now, and this is what the framework
that's going in should be able to handle OK.

#s 3&4 deal with security. This... this is a dodgier issue.
Security's easy to get wrong and hard to get right. (Though quotas
are straightforward enough. Mostly.) And once the framework's in
place, there's the issue of performance--how do we get good
performance in the common (insecure) case without sacrificing
security in the secure case?

At any rate, perl 5's Safe module is a good example of the Wrong Way
to do security, and as such we're going to take it as a cautionary
tale rather than a template. For security I want to go with an
explicit privilege model with privilege checking in parrot's
internals, rather than counting on op functions to Do The Right
Thing. That means that IO restrictions are imposed by the IO code,
not the IO ops, and suchlike stuff. Generally speaking, we're going
to emulate the VMS quota and privilege system, as it's reasonably
good as these things go.

If we're going to tackle this, though, we need to pull in some folks
who're actually competent at it before we do more than handwave about
the design.
--
                                         Dan

--------------------------------------"it's like this"-------------------
Dan Sugalski                          even samurai
d...@sidhe.org                         have teddy bears and even
                                       teddy bears get drunk
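The four checks Dan lists (a bounds-checking runloop, per-op operand sanity, a run-time quota, and privilege checks placed in the internals rather than in the op bodies) are easy to see in miniature. The following is an added example, not Parrot code and not from the thread: the opcode set, the register layout, the `PRIV_IO` bit and the sample programs are all invented for illustration. Note where each check sits: branch targets and the op quota are checked in `vm_run`, register numbers and NULL string registers in the op bodies, and the I/O privilege in `io_write`, so a PRINT op that forgot to check would still be refused by the I/O layer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy register VM (added example, not Parrot). Opcodes, register files and
   the privilege bit below are hypothetical. */
#define NUM_REGS 32   /* register numbers 0-31 are valid, as in the post */
#define PRIV_IO  1u   /* hypothetical privilege bit: may this code do I/O? */

enum op { OP_SET, OP_ADD, OP_BRANCH, OP_BRANCH_NZ, OP_STRLEN, OP_PRINT, OP_END };

typedef struct { int32_t op, a, b, c; } instr;   /* fixed-width instruction */

enum status {
    RUN_OK = 0, RUN_BAD_OPCODE, RUN_BAD_REG, RUN_NULL_REG,
    RUN_BAD_BRANCH, RUN_QUOTA, RUN_NO_PRIV
};

typedef struct {
    int64_t     iregs[NUM_REGS];    /* integer registers */
    const char *sregs[NUM_REGS];    /* string registers, NULL when unset */
    unsigned    privs;              /* granted privilege bits */
    size_t      op_quota, ops_used; /* run-time quota, counted in ops (#3) */
    int64_t     io_log[16];         /* what PRINT wrote, kept for checking */
    size_t      io_count;
} vm;

void vm_init(vm *m, unsigned privs, size_t op_quota) {
    memset(m, 0, sizeof *m);
    m->privs = privs;
    m->op_quota = op_quota;
}

/* #2: operand sanity. In Parrot's plan the preprocessor would emit this. */
static int reg_ok(int32_t r) { return r >= 0 && r < NUM_REGS; }

/* #4: the privilege check lives in the I/O layer, not in the PRINT op. */
static enum status io_write(vm *m, int64_t v) {
    if (!(m->privs & PRIV_IO)) return RUN_NO_PRIV;
    if (m->io_count < sizeof m->io_log / sizeof m->io_log[0])
        m->io_log[m->io_count] = v;
    m->io_count++;
    return RUN_OK;
}

/* #1 and #3: a bounds-checking runloop that also enforces the op quota. */
enum status vm_run(vm *m, const instr *code, size_t ncode) {
    size_t pc = 0;
    while (pc < ncode) {
        const instr *i = &code[pc];
        if (m->ops_used >= m->op_quota) return RUN_QUOTA;
        m->ops_used++;
        switch (i->op) {
        case OP_SET:                             /* I[a] = b */
            if (!reg_ok(i->a)) return RUN_BAD_REG;
            m->iregs[i->a] = i->b; pc++; break;
        case OP_ADD:                             /* I[a] = I[b] + I[c] */
            if (!reg_ok(i->a) || !reg_ok(i->b) || !reg_ok(i->c)) return RUN_BAD_REG;
            m->iregs[i->a] = m->iregs[i->b] + m->iregs[i->c]; pc++; break;
        case OP_BRANCH:                          /* pc = a, target checked */
            if (i->a < 0 || (size_t)i->a >= ncode) return RUN_BAD_BRANCH;
            pc = (size_t)i->a; break;
        case OP_BRANCH_NZ:                       /* if I[a] != 0 then pc = b */
            if (!reg_ok(i->a)) return RUN_BAD_REG;
            if (i->b < 0 || (size_t)i->b >= ncode) return RUN_BAD_BRANCH;
            pc = m->iregs[i->a] ? (size_t)i->b : pc + 1; break;
        case OP_STRLEN:                          /* I[a] = strlen(S[b]) */
            if (!reg_ok(i->a) || !reg_ok(i->b)) return RUN_BAD_REG;
            if (m->sregs[i->b] == NULL) return RUN_NULL_REG;
            m->iregs[i->a] = (int64_t)strlen(m->sregs[i->b]); pc++; break;
        case OP_PRINT: {                         /* write I[a] via the I/O layer */
            enum status s;
            if (!reg_ok(i->a)) return RUN_BAD_REG;
            if ((s = io_write(m, m->iregs[i->a])) != RUN_OK) return s;
            pc++; break;
        }
        case OP_END:
            return RUN_OK;
        default:
            return RUN_BAD_OPCODE;
        }
    }
    return RUN_OK;   /* falling off the end is treated like OP_END */
}

/* Constructed sample programs (not real Parrot bytecode). */
/* Count I0 down from 3, printing each value: 3 PRINTs, 12 ops in total. */
const instr prog_countdown[] = {
    { OP_SET,       0,  3, 0 },
    { OP_SET,       1, -1, 0 },
    { OP_PRINT,     0,  0, 0 },   /* pc 2: loop head */
    { OP_ADD,       0,  0, 1 },
    { OP_BRANCH_NZ, 0,  2, 0 },
    { OP_END,       0,  0, 0 },
};
const size_t prog_countdown_len = sizeof prog_countdown / sizeof prog_countdown[0];
/* Branch past the end of the code: caught by the runloop (#1). */
const instr prog_bad_branch[] = { { OP_BRANCH, 99, 0, 0 } };
/* Register 32 does not exist: caught by the operand check (#2). */
const instr prog_bad_reg[] = { { OP_SET, 32, 1, 0 } };
/* Read string register 0 before it is set: caught by the NULL check (#2). */
const instr prog_null_str[] = { { OP_STRLEN, 0, 0, 0 }, { OP_END, 0, 0, 0 } };
```

Running `prog_countdown` with `PRIV_IO` and a quota of 100 returns `RUN_OK` after 12 ops and three writes; with a quota of 5 it stops with `RUN_QUOTA` after one write, and without `PRIV_IO` it stops with `RUN_NO_PRIV` before any write, even though the PRINT op itself never looks at the privilege bits.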
