[e-lang] anyone ever look at refactoring code to use object-capabilities?
Brett Cannon
brett at python.org
Wed May 23 19:05:12 EDT 2007
On 5/23/07, Sandro Magi <smagi at higherlogics.com> wrote:
>
> Plash [1] is the closest effort that comes to mind.
Thanks for the link. Since it works outside a program and is not
language-level it doesn't seem to squash my idea at first glance.
> If you're dealing with code that loads files from strings (or otherwise
> depends on ambient authority), you build a private filesystem/namespace
> for that code, map only the granted authorities into that namespace, and
> redirect the system calls to use this namespace instead of the global
> operating system namespace.
ACL islands on an ocean of capabilities. :-)
>
> I believe Plash accomplishes this by replacing libc calls, and
> maintaining a database of private namespaces for each executable.
>
> In order to integrate private namespaces with legacy code in a more
> fine-grained fashion and without altering said code, you could introduce
> lightweight language processes which encapsulate a namespace. I'm sure
> there are other approaches, but I have processes on the brain. :-)
=) I am thinking more along the lines of possible syntactic refactoring so
I am willing to change the code. Python has a syntax refactoring tool being
used to transition from Python 2.6 to Python 3.0 which keeps all unaffected
code (including comments) as-is. So doing a syntax-to-syntax translation is
fine and what I was thinking of (this is an idea that was hatched today
during a one hour meeting so the stupid parts of it have yet to surface).
-Brett
> Sandro
>
> [1] http://plash.beasts.org/
>
> Brett Cannon wrote:
> > I have been working (at a slow pace) on implementing a security
> > mechanism for Python based on object-capabilities at the application
> > level. The original motivation for this work was to get Python into
> > Firefox for client-side web scripting. Unfortunately I couldn't come up
> > with a good motivation out of that to get a PhD thesis in order to
> > justify me getting paid for my work.
> >
> > But I have not given up on my Python security work and trying to find a
> > motivation to keep the work moving along and to end up with a PhD
> > thesis. An idea that my supervisor and I came up with today involves
> > (semi-)automatically refactoring existing Python code so as to follow an
> > object-capabilities security mechanism. I have never come across any
> > work on the subject as most obj-cap languages were designed that way
> > from the ground up or were expected to be used with new code only.
> >
> > So my question is whether anyone knows of any research into refactoring
> > existing code to use object-capabilities (e.g., taking a file object
> > instead of a file path string)? I am obviously hoping the answer is
> > "no". =)
> >
> > -Brett
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > e-lang mailing list
> > e-lang at mail.eros-os.org
> > http://www.eros-os.org/mailman/listinfo/e-lang
>
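The refactoring target mentioned in the thread (a function taking a file path string versus one taking a file object) can be located mechanically. The following is an added example, not code from the thread or from any tool it mentions: a small `ast`-based scan that lists functions calling `open()` on one of their own parameters (candidates for taking a file object instead) or on a string literal (ambient authority with a hard-coded name). The function name `find_ambient_opens` and the sample source are constructed for illustration.

```python
import ast

# Constructed sample input: one path-taking function, its capability-style
# counterpart, and one function that opens a hard-coded path.
SAMPLE = '''
def count_lines(path):
    with open(path) as f:
        return sum(1 for _ in f)

def count_lines_cap(f):
    return sum(1 for _ in f)

def load_default():
    return open("/etc/app.conf").read()
'''

def find_ambient_opens(source):
    """Return (function, line, kind, detail) for each builtin open() call.

    kind is "param" when the path is one of the function's own parameters
    (the caller could pass an already-opened file object instead),
    "literal" for a hard-coded string, and "computed" otherwise.
    Limitation: calls inside nested functions are also attributed to the
    enclosing function, and aliased names for open() are not tracked.
    """
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        a = func.args
        params = {p.arg for p in a.posonlyargs + a.args + a.kwonlyargs}
        for node in ast.walk(func):
            if not (isinstance(node, ast.Call)
                    and isinstance(node.func, ast.Name)
                    and node.func.id == "open" and node.args):
                continue
            target = node.args[0]
            if isinstance(target, ast.Name) and target.id in params:
                findings.append((func.name, node.lineno, "param", target.id))
            elif isinstance(target, ast.Constant) and isinstance(target.value, str):
                findings.append((func.name, node.lineno, "literal", target.value))
            else:
                findings.append((func.name, node.lineno, "computed", ""))
    return findings

if __name__ == "__main__":
    for finding in find_ambient_opens(SAMPLE):
        print(finding)
```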