On Fri, Mar 2, 2012 at 9:48 AM, Carsten Haitzler <ras...@rasterman.com> wrote:
> On Thu, 1 Mar 2012 23:59:26 +0100 Cedric BAIL <cedric.b...@free.fr> said:
>
>> On Thu, Mar 1, 2012 at 7:35 PM, Enlightenment SVN
>> <no-re...@enlightenment.org> wrote:
>> > Log:
>> > elev8: Allow loading modules in runtime
>> >
>> > There are now two kinds of modules: native (.so) and JavaScript (.js).
>> > Both
>> > modules can be loaded using the same interface and is completely
>> > transparent to the application developer, by using the global require()
>> > function. For example, to load the elementary module:
>> >
>> > elm = require('elm');
>> >
>> > This will try to open 'libelm.so' in the current directory, then
>> > 'libelm.so' in elev8's module directory. If that fails, it will try to
>> > open 'elm.js' in the current directory, then 'elm.js' in elev8's directory.
>> > Should any of these attempts work, it will save the module in an internal
>> > cache and return a reference to an object containing all exported symbols
>> > from that module.
>>
>> That's a really great update. I really like this new activity in
>> elev8. I have just a little concern about security. I would have
>> choosen a different order. First I would have tried system module (in
>> elev8's module directory), then I would have tried 'elm.js' in elev8's
>> system directory. If all that's failed, I will try current directory,
>> maybe first the javascript ('elm.js') and the module. Reason is that
>> .so in current directory are much more likely to contain some nasty
>> code. If by just putting a file in the right place I can inject native
>> code, that's sound bad to me.
>
> security here is a matter for a later date. right now the point is for a js
> app
> to be ABLE to behave as fully as a native app. later on (already discussed) we
> want to add security levels (eg on cmdline) that do things like disable module
> loading at all, or limit sources (system only, user homedir only, or full
> paths
> and app-dir relative paths - eg app provides native modules) etc... also
> modifying behavior. eg filesystem access api may start limiting what you have
> access to at all - may totally sandbox you with zero fs access outisde the app
> dir itself (data files, reado-only) and a app-specific config/data/cache dir,
> and then nothing else, then with various levels of exposing more of the fs.
>
> but to start with... think of it as a native app but keep in mind the ability
> of being able to pull in such security later on (via cmd-line args to elev8
> and/or envirnoment vars that get read long before any js kicks in).
ACK
Lucas De Marchi
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
