#1500: API to tell which opcode group an opcode is in
----------------------+-----------------------------------------------------
Reporter: dukeleto | Owner: dukeleto
Type: RFC | Status: new
Priority: major | Milestone:
Component: core | Version: 2.1.0
Severity: medium | Keywords:
Lang: | Patch:
Platform: all |
----------------------+-----------------------------------------------------
Changes (by dukeleto):
* priority: normal => major
Old description:
> I am currently hacking on PL/Parrot and one of the very important
> features that we need is disallowing certain operations, most notably
> file I/O. The motivation for this is that you do not want a stored
> procedure written in PIR to be able to modify the database via disk
> operations.
>
> I talked with chromatic in #parrot about needing some security subsystem
> features and he agreed that we need an API for telling if an opcode is in
> a particular opcode group. This is talked about in PDD18 if you want to
> get the full background.
>
> For instance, take the open opcode:
> {{{
> inline op open(out PMC, in STR, in STR) :filesys_open {
> /* etc... */
> }
> }}}
>
> It is defined to be in the "filesys_open" opcode group. Currently there
> is no way to tell if a certain opcode is in a given group. The
> information does not seem to make it into op_info_t, but it is in
> lib/Parrot/OpLib/core.pm . I propose a public C API that will consist of
> at least these three functions:
>
> {{{ Parrot_opcode_is_in_group(string opcode_name, string group_name) }}}
>
> This function would take an opcode name and opcode group name as argument
> and return true if the opcode is in the group, false otherwise.
>
> {{{ Parrot_opcodes_in_group(string opcode_group) }}}
>
> This function takes a string argument of an opcode group name and returns
> a ResizableStringArray containing all opcodes in that group.
>
> {{{ Parrot_groups_containing_opcode(string opcode_name) }}}
>
> This function takes a string argument of an opcode name and returns a
> ResizableStringArray listing all groups that contain the given opcode
> name.
>
> Once an API in C is available to accomplish these things, then it should
> be straight forward to access this information from PIR.
New description:
I am currently hacking on PL/Parrot and one of the very important features
that we need is disallowing certain operations, most notably file I/O. The
motivation for this is that you do not want a stored procedure written in
PIR to be able to modify the database via disk operations.
I talked with chromatic in #parrot about needing some security subsystem
features and he agreed that we need an API for telling if an opcode is in
a particular opcode group. This is talked about in PDD18 if you want to
get the full background.
For instance, take the open opcode:
{{{
inline op open(out PMC, in STR, in STR) :filesys_open {
/* etc... */
}
}}}
It is defined to be in the "filesys_open" opcode group. Currently there is
no way to tell if a certain opcode is in a given group. The information
does not seem to make it into op_info_t, but it is in
lib/Parrot/OpLib/core.pm . I propose a public C API that will consist of
at least these three functions:
{{{ Parrot_sec_opcode_is_in_group(string opcode_name, string group_name)
}}}
This function would take an opcode name and opcode group name as argument
and return true if the opcode is in the group, false otherwise.
{{{ Parrot_sec_opcodes_in_group(string opcode_group) }}}
This function takes a string argument of an opcode group name and returns
a ResizableStringArray containing all opcodes in that group.
{{{ Parrot_sec_groups_containing_opcode(string opcode_name) }}}
This function takes a string argument of an opcode name and returns a
ResizableStringArray listing all groups that contain the given opcode
name.
Once an API in C is available to accomplish these things, then it should
be straight forward to access this information from PIR.
--
--
Ticket URL: <https://trac.parrot.org/parrot/ticket/1500#comment:1>
Parrot <https://trac.parrot.org/parrot/>
Parrot Development
_______________________________________________
parrot-tickets mailing list
[email protected]
http://lists.parrot.org/mailman/listinfo/parrot-tickets
