[e-lang] E research topics
jleonard at oasis.slimy.com
Fri Apr 13 16:19:52 CDT 2007
On Fri, Apr 13, 2007 at 11:17:09AM -0700, David Wagner wrote:
> Zooko writes:
> > So my wish is that someone invent a way to securely re-use native
> > code libraries in E applications.
> Kevin asks:
> > What exactly do you mean by "securely"? How do you propose to
> > restrict it?
> Zooko responds:
> > I mean that the library that I'm re-using does not get authority that I didn't
> > explicitly grant it, including authority to modify my persistent state
> > (filesystem), connect to the network, read or write the non-granted state of my
> > program (i.e. memory safety), etc.
> Good luck, brother! While this would be nice, I don't think you're likely
> to get it, if you also require the ability to re-use most existing native
> code and legacy libraries written in C, C++, etc. Even if you put the
> library in a separate process and use IPC, how would you restrict what
> files the legacy library can open? I think this is a near-impossible
> problem statement. You can't get there from here.
Not that it's a good idea, but... You can use something like ptrace, or
a modified kernel (selinux?) to limit the system calls the jailed C code
can access. If the code is expected to be somewhat well-behaved, then a
preloaded library that wraps calls like open() might be enough. (The
first example that comes to mind of such a modifier is trickle, a
I'm guessing that an alternate C compiler with some bytecoded target
(LLVM, for example) or outright rewriting of the code in question would