[e-lang] anyone ever look at refactoring code to use object-capabilities?

Sandro Magi smagi at higherlogics.com
Wed May 23 18:08:14 EDT 2007


Plash [1] is the closest effort that comes to mind.

If you're dealing with code that loads files from strings (or otherwise
depends on ambient authority), you build a private filesystem/namespace
for that code, map only the granted authorities into that namespace, and
redirect the system calls to use this namespace instead of the global
operating system namespace.

ACL islands on an ocean of capabilities. :-)

I believe Plash accomplishes this by replacing libc calls, and
maintaining a database of private namespaces for each executable.

In order to integrate private namespaces with legacy code in a more
fine-grained fashion and without altering said code, you could introduce
lightweight language processes which encapsulate a namespace. I'm sure
there are other approaches, but I have processes on the brain. :-)

Sandro

[1] http://plash.beasts.org/
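The following is an added illustration, not code from Plash or from anyone on this thread. It sketches in Python the mechanism Sandro describes above (a private namespace holding only the granted authorities, with the legacy code's file-opening call redirected into it instead of the global OS namespace) and, alongside it, the refactoring Brett asks about in the quoted message below (a function that takes the file object rather than a path string). Rebinding `builtins.open` stands in for Plash's libc replacement; the class, function and path names are all made up for the example, and the config file is constructed in a temp directory.

```python
"""Plash-style private namespace in Python (added example, not Plash's code).

Legacy code keeps calling open(path). Inside PrivateNamespace.confine() that
call resolves names against a table of explicitly granted authorities rather
than the global filesystem; anything not granted simply does not exist.
"""
import builtins
import io
import os
import tempfile
from contextlib import contextmanager

_REAL_OPEN = builtins.open  # captured before any redirection


def _deny(virtual_path, mode):
    raise PermissionError(f"{virtual_path}: mode {mode!r} not granted")


class PrivateNamespace:
    """Maps virtual paths to granted file authorities (the 'ACL island')."""

    def __init__(self):
        self._grants = {}  # normalized virtual path -> opener(mode) -> file

    def grant_real_file(self, virtual_path, real_path, modes=("r",)):
        """Expose one real file under a chosen name, for the listed modes only."""
        real_path = os.path.realpath(real_path)

        def opener(mode):
            if mode not in modes:
                _deny(virtual_path, mode)
            return _REAL_OPEN(real_path, mode)  # bypasses the redirect
        self._grants[os.path.normpath(virtual_path)] = opener

    def grant_memory_file(self, virtual_path, text):
        """Expose an in-memory, read-only file (e.g. injected config)."""
        def opener(mode):
            if mode != "r":
                _deny(virtual_path, mode)
            return io.StringIO(text)
        self._grants[os.path.normpath(virtual_path)] = opener

    def open(self, path, mode="r", *args, **kwargs):
        # Lookup is purely lexical on the grant table, so "/etc/../etc/x"
        # collapses to the same key as "/etc/x"; no real FS walk happens here.
        opener = self._grants.get(os.path.normpath(path))
        if opener is None:
            raise FileNotFoundError(f"{path}: not in private namespace")
        return opener(mode)

    @contextmanager
    def confine(self):
        """Run legacy code with the ambient open() redirected into this namespace."""
        saved = builtins.open
        builtins.open = self.open
        try:
            yield
        finally:
            builtins.open = saved


def legacy_read_config(path):
    """Unmodified legacy code: takes a path string and uses ambient authority."""
    with open(path) as f:
        return dict(line.strip().split("=", 1) for line in f if "=" in line)


def capability_read_config(config_file):
    """Refactored form: the caller hands over the file object, i.e. the authority."""
    return dict(line.strip().split("=", 1) for line in config_file if "=" in line)


def demo():
    """Grant one real config file and one in-memory file; try a few accesses."""
    ns = PrivateNamespace()
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as tmp:
        tmp.write("host=localhost\nport=8080\n")  # constructed sample config
    try:
        ns.grant_real_file("/etc/app.conf", tmp.name)      # read-only grant
        ns.grant_memory_file("/etc/motd", "greeting=hi\n")  # no real file behind it
        results = {}
        with ns.confine():
            results["config"] = legacy_read_config("/etc/app.conf")
            results["traversal"] = legacy_read_config("/etc/../etc/app.conf")
            results["motd"] = legacy_read_config("/etc/motd")
            try:
                legacy_read_config("/etc/passwd")  # never granted
                results["passwd"] = "opened"
            except FileNotFoundError:
                results["passwd"] = "denied"
            try:
                with open("/etc/app.conf", "w"):   # granted read-only
                    pass
                results["write"] = "allowed"
            except PermissionError:
                results["write"] = "denied"
        with open(tmp.name) as f:                  # outside confine(): real open
            results["refactored"] = capability_read_config(f)
        return results
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    print(demo())
```

The namespace object itself is the capability: whoever holds it decides which names exist and in what modes, and the legacy function never sees a path it was not granted. The refactored `capability_read_config` shows the endpoint of Brett's proposed refactoring, where the redirect layer becomes unnecessary because the authority is passed in explicitly.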

Brett Cannon wrote:
> I have been working (at a slow pace) on implementing a security
> mechanism for Python based on object-capabilities at the application
> level.  The original motivation for this work was to get Python into
> Firefox for client-side web scripting.  Unfortunately I couldn't come up
> with a good motivation out of that to get a PhD thesis in order to
> justify me getting paid for my work.
> 
> But I have not given up on my Python security work and trying to find a
> motivation to keep the work moving along and to end up with a PhD
> thesis.  An idea that my supervisor and I came up with today involves
> (semi-)automatically refactoring existing Python code so as to follow an
> object-capabilities security mechanism.  I have never come across any
> work on the subject as most obj-cap languages were designed that way
> from the ground up or were expected to be used with new code only.
> 
> So my question is whether anyone knows of any research into refactoring
> existing code to use object-capabilities (e.g., taking a file object
> instead of a file path string)?  I am obviously hoping the answer is
> "no".  =)
> 
> -Brett