gnu-arch-users

Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")


From: Magnus Therning
Subject: Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")
Date: Wed, 7 Jul 2004 23:59:33 +0200
User-agent: Mutt/1.5.6+20040523i

On Tue, Jul 06, 2004 at 03:27:53PM -0700, Jeremy Shaw wrote:
>At Wed, 07 Jul 2004 08:16:37 +1000,
>Robert Collins wrote:
>> 
>> On Wed, 2004-07-07 at 07:27, Jeremy Shaw wrote:
>> 
>> > (1) You probably don't have a haskell interpreter installed
>> > (2) You probably don't trust me to run arbitrary code on your system
>> > 
>> > But, if tla has a built-in VM, with a reasonable security module,
>> > both problems are solved:
>> > 
>> > (1) I can distribute the script as a pre-compiled byte-code, so
>> >     even if you don't have a haskell->furth compiler, you can still
>> >     run the script.
>> >
>> > (2) You can rest assured that my script isn't doing anything
>> >     malicious (by only allowing untrusted scripts to execute
>> >     safe commands in a sandbox).
>> 
>> I don't recall seeing sandbox mentioned in Tom's papers. Did I miss
>> it?  Or are you presuming that that is an intended & desired feature?
>
>I talked with tom briefly on #arch, and he has given some thought to
>handling security in the VM. I don't think the security stuff has been
>fully fleshed out yet. Also, the term sandbox may have some very
>specific meanings attached to it that I am not aware of, so don't read
>too much into that word.
>
>I think the basic model is, the VM will have some way to mark commands
>as safe or unsafe. There will also be a way to set which unsafe
>commands a program can run on a per program, per command basis. This
>would allow you to implement a large number of possible security
>policies...

What about marking data?

I am no perl aficionado but I seem to remember some way of marking data
as tainted. This could add another aspect to the command marking:

 Only the following commands can run in "secure (enough) mode":

  1. Safe commands working on any kind of data.
  2. Unsafe commands working on trusted data.

Again, someone versed in the dark art of perl should probably step in
here right about now :-)

/M

-- 
Magnus Therning                    (OpenPGP: 0xAB4DFBA4)
address@hidden
http://magnus.therning.org/

Black holes are where God divided by zero.
     -- Steven Wright

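The two-rule policy Magnus sketches above (safe commands on any data, unsafe commands only on trusted data), combined with Jeremy's per-program grant of unsafe commands, as an added worked example. This is illustrative code written for this archive page, not tla's VM, Tom Lord's design, or Perl's actual taint implementation; the command names (`upper`, `shell`, `write-file`), the `Value`/`untaint`/`run` helpers and the hostile argument string are all constructed for the demonstration. It borrows one Perl -T convention: the only way to clear a taint bit is to match the data against an explicit allow-list pattern.

```python
import re
from dataclasses import dataclass


class TaintError(Exception):
    """Raised when the policy refuses a command or an untaint attempt."""


@dataclass(frozen=True)
class Value:
    """A string plus a taint bit. Anything derived from tainted data stays
    tainted, as in Perl's -T mode where taint propagates through string ops."""
    data: str
    tainted: bool = False

    def concat(self, other: "Value") -> "Value":
        return Value(self.data + other.data, self.tainted or other.tainted)


def untrusted(s: str) -> Value:
    """Data arriving from outside the VM (a downloaded script's arguments,
    changeset contents, environment) enters the system tainted."""
    return Value(s, tainted=True)


def untaint(v: Value, allowed: str) -> Value:
    """The only way to clear the taint bit: the data has to fully match an
    explicit allow-list pattern (the Perl idiom of untainting via a regex)."""
    m = re.fullmatch(allowed, v.data)
    if m is None:
        raise TaintError(f"refusing to untaint {v.data!r}: no match for {allowed!r}")
    return Value(m.group(0), tainted=False)


# Side effects of unsafe commands are recorded here instead of touching the host.
SIDE_EFFECTS = []


def cmd_upper(v: Value) -> Value:        # safe: pure, result keeps the input's taint
    return Value(v.data.upper(), v.tainted)


def cmd_shell(v: Value) -> Value:        # unsafe: would reach the host shell
    SIDE_EFFECTS.append("sh -c " + v.data)
    return Value("", tainted=False)


def cmd_write_file(v: Value) -> Value:   # unsafe: would write outside the VM
    SIDE_EFFECTS.append("write " + v.data)
    return Value("", tainted=False)


# Command table: name -> (is_safe, implementation). Hypothetical command set.
COMMANDS = {
    "upper": (True, cmd_upper),
    "shell": (False, cmd_shell),
    "write-file": (False, cmd_write_file),
}


def run(command: str, arg: Value, granted_unsafe: frozenset = frozenset()) -> Value:
    """Policy check before dispatch:
       1. safe commands run on any data;
       2. unsafe commands run only if this program was granted them
          (per-program, per-command grant) AND the argument is untainted."""
    is_safe, impl = COMMANDS[command]
    if not is_safe:
        if command not in granted_unsafe:
            raise TaintError(f"{command}: not granted to this program")
        if arg.tainted:
            raise TaintError(f"{command}: refusing tainted argument {arg.data!r}")
    return impl(arg)


def attempt(fn, *args) -> str:
    """Report whether the policy let a call through."""
    try:
        fn(*args)
        return "ran"
    except TaintError:
        return "refused"


def demo() -> dict:
    """Push a constructed hostile argument through the policy; returns what happened."""
    SIDE_EFFECTS.clear()
    grants = frozenset({"shell"})                 # this script may use shell, not write-file
    hostile = untrusted("rm -rf /; echo pwned")   # constructed sample input
    clean = untaint(untrusted("ls"), r"[a-z]+")   # validated against an allow-list
    return {
        "safe_on_tainted": run("upper", hostile, grants).data,
        "unsafe_on_tainted": attempt(run, "shell", hostile, grants),
        "untaint_hostile": attempt(untaint, hostile, r"[a-z]+"),
        "unsafe_on_trusted": attempt(run, "shell", clean, grants),
        "ungranted_unsafe": attempt(run, "write-file", clean, grants),
        "propagates": Value("echo ").concat(hostile).tainted,
        "side_effects": list(SIDE_EFFECTS),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The point the model makes visible is that the two markings are orthogonal: a grant says which unsafe commands a program may ever reach, the taint bit says which data may flow into them, and a validation step is the sole bridge between the two. Note that `upper` on tainted input returns a still-tainted result, so a script cannot launder data by routing it through a safe command.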

