Charles Oliver Nutter-2 wrote:
>
> dertown wrote:
>> Hi Charles
>>
>> What exactly is wrong with SAFE and Taint,
>> and would it even be possible to get it working properly? I know you
>> said below it was not possible.
>> I am just trying to understand why.
>
> Politically and theoretically, safe and taint are insufficient to really
> give you any reliable measure of security. There are just way too many
> edge cases and possible ways to sneak by. Of course, that's just my
> belief...but I know of no real-world systems using those sorts of
> mechanisms for security and actually trusting them.
>
> Practically, safe and taint add overhead to a massive number of
> operations, ranging from class and method definition to every string or
> array mutation. Poke around the JRuby code a bit and you'll see a whole
> bunch of code, sprinkled liberally around the system, for checking
> whether the current safe level is compatible with the current operation
> and the current object's taint. It's not really a scalable way to do
> security.
>
> I'd be interested in hearing about your use cases for safe levels, to
> better understand what requirements we actually need to fill. I'd wager
> we can get the same things out of Java security levels or out of a more
> limited safe approach for operations you might actually want to limit
> (like eval) rather than operations that would only rarely be restricted
> (like string mutation).
>
> - Charlie
>
> ---------------------------------------------------------------------
> To unsubscribe from this list please visit:
>
> http://xircles.codehaus.org/manage_email
>
>
>
I would like to talk to you about some use cases as well. I will have some
worked out by next week.
If you don't mind waiting for a bit.
Derek
--
View this message in context:
http://www.nabble.com/Ditching-SAFE-and-tainting-tf3989911.html#a11452608
Sent from the JRuby - Dev mailing list archive at Nabble.com.
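
Added example (not part of the thread, and not JRuby or MRI code): a toy Ruby model of the two designs contrasted in the quoted reply above, with safe-level and taint checks on every string operation versus a single gate on eval. The class names, the taint-dropping `upcase`, and the level thresholds 1 and 4 are assumptions of the model.

```ruby
# Constructed toy model of the two designs in the thread; not JRuby or MRI code.
class ModelSecurityError < StandardError; end
TStr = Struct.new(:value, :tainted) # string value plus its taint flag

# Pervasive design: every operation consults the safe level and the taint flag.
class PervasiveModel
  attr_reader :checks
  def initialize(safe_level)
    @safe_level, @checks = safe_level, 0
  end
  def concat(a, b)
    check_mutation(a)
    TStr.new(a.value + b.value, a.tainted || b.tainted) # taint propagated
  end
  def upcase(a)
    check_mutation(a)
    TStr.new(a.value.upcase, false) # assumed bug: taint flag dropped
  end
  def guarded_eval(code)
    @checks += 1
    raise ModelSecurityError, "tainted eval" if @safe_level >= 1 && code.tainted
    :evaluated # stand-in result; nothing is actually evaluated
  end

  private

  # Assumed model rule: level 4 and above refuses to modify untainted objects.
  def check_mutation(obj)
    @checks += 1
    raise ModelSecurityError, "untainted modify" if @safe_level >= 4 && !obj.tainted
  end
end

# Narrow design: plain string operations, a single gate on eval.
class NarrowModel
  attr_reader :checks
  def initialize(allow_eval)
    @allow_eval, @checks = allow_eval, 0
  end
  def concat(a, b); TStr.new(a.value + b.value, false); end
  def upcase(a); TStr.new(a.value.upcase, false); end
  def guarded_eval(_code)
    @checks += 1
    raise ModelSecurityError, "eval disabled" unless @allow_eval
    :evaluated
  end
end

# The same constructed pipeline under either model: trusted prefix + untrusted input.
def run_pipeline(model)
  code = model.upcase(model.concat(TStr.new("puts ", false), TStr.new("user input", true)))
  [model.guarded_eval(code), model.checks]
rescue ModelSecurityError => e
  [e.message, model.checks]
end
```

In the pervasive model three checks run and the untrusted input still reaches eval, because one operation failed to carry the taint flag forward; the narrow model runs one check and refuses.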