On Sun, Aug 31, 2014 at 12:09 PM, Tomas Hlavaty <t...@logand.com> wrote:
>
> would this clasify?

You mean «clarify»?

> $ cat >/dev/null
> rm -fr /
> ^d
>
> I executed arbitrary script while limiting its effects.

Indeed.

> The most important missing part is to define, what functionality exactly
> do you want to allow and which effects are acceptable.

Some examples:
Allow: execution flow, setting/defining symbols, maths operations, print,
Deny: system calls (or controlled by ACL), file operations (or
sandboxed), redefine important symbols

> Even if you
> allow "safe" operations (whatever that means), users could spin your
> machine in a loop eating precious CPU time.  How would you limit that at
> PicoLisp or Tcl level?

Indeed. Admittedly derisory measures would be limiting number of iterations,
execution time…


chri

-- 

http://profgra.org/lycee/ (site pro)
http://delicious.com/profgraorg (liens, favoris)
https://twitter.com/profgraorg
http://microalg.info
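The allow/deny list and the iteration limit discussed in this message, sketched as an added example that is not code from the thread or from PicoLisp: a toy s-expression evaluator written in Python, with an allow-list of operations, protected symbols and a step budget. The names `run`, `parse`, `Denied`, `BudgetExceeded` and `max_steps` are assumptions made for the illustration, and the budget counts evaluation steps, not wall-clock time.

```python
import operator
class Denied(Exception): pass
class BudgetExceeded(Exception): pass

# Allow-list: maths and comparison only; every other function name is refused.
BUILTINS = {"+": operator.add, "-": operator.sub, "*": operator.mul, "<": operator.lt}
PROTECTED = set(BUILTINS) | {"setq", "while", "print"}  # the "important symbols"

def parse(src):
    """Read one s-expression into nested lists of ints and symbol strings."""
    tokens = src.replace("(", " ( ").replace(")", " ) ").split()
    def read(i):
        if tokens[i] == "(":
            items, i = [], i + 1
            while tokens[i] != ")":
                item, i = read(i)
                items.append(item)
            return items, i + 1
        return (int(tokens[i]) if tokens[i].isdecimal() else tokens[i]), i + 1
    return read(0)[0]

def run(src, max_steps=1000):
    """Evaluate src under a step budget; return (last value, captured print output)."""
    env, out, left = {}, [], [max_steps]
    def ev(x):
        left[0] -= 1                      # every evaluation costs one step
        if left[0] < 0:
            raise BudgetExceeded("step limit reached")
        if isinstance(x, str) and x not in env:
            raise Denied(f"unbound symbol {x!r}")
        if not isinstance(x, list):
            return env[x] if isinstance(x, str) else x
        head, args = (x[0], x[1:]) if x else (None, [])
        if head == "setq":
            if not isinstance(args[0], str) or args[0] in PROTECTED:
                raise Denied(f"cannot redefine {args[0]!r}")
            env[args[0]] = ev(args[1])
            return env[args[0]]
        if head == "while":               # single-body loop, bounded only by the budget
            while ev(args[0]):
                ev(args[1])
            return None
        if head == "print":               # output is captured in a list, never written out
            return out.append(ev(args[0]))
        if not isinstance(head, str) or head not in BUILTINS:
            raise Denied(f"operation not allowed: {head!r}")
        return BUILTINS[head](*[ev(a) for a in args])
    values = [ev(form) for form in parse(f"({src})")]  # src may hold several forms
    return values[-1], out
```

Malformed input (unbalanced parentheses, missing arguments) surfaces as an ordinary Python exception in the host, which the caller should treat as a rejected script.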