On 4/15/05, Shevek [EMAIL PROTECTED] wrote:
How can dropping a privilege for the duration of a (dynamic) scope be
implemented? Does this need to be implemented via a parrot intrinsic,
such as:
without_privs(list_of_privs, code_to_be_run_without_these_privs);
..or is it possible to
Someone's pointed this thread out to me, so I'm going to shove an oar in
following a few posts. I've done a fair bit of security work, so feel
free to ask me to explain, justify or provide references for anything.
On Wed, 2005-04-13 at 17:01 -0400, Dan Sugalski wrote:
All security is done on a
On Wed, 2005-04-13 at 17:51 -0400, Aaron Sherman wrote:
On Wed, 2005-04-13 at 17:01, Dan Sugalski wrote:
So here's what I was thinking of for Parrot's security and quota
model. (Note that none of this is actually *implemented* yet...)
[...]
It's actually pretty straightforward, the hard
On Thu, 2005-04-14 at 09:51 -0700, Dave Whipp wrote:
Dan Sugalski wrote:
All security is done on a per-interpreter basis. (really on a per-thread
basis, but since we're one-thread per interpreter it's essentially the
same thing)
...
* Number of open files
* IO operations/sec
On Wed, 2005-04-13 at 22:03 -0400, Michael Walter wrote:
Dan,
On 4/13/05, Dan Sugalski [EMAIL PROTECTED] wrote:
All security is done on a per-interpreter basis. (really on a
per-thread basis, but since we're one-thread per interpreter it's
essentially the same thing)
Just to get me back
On Thu, 2005-04-14 at 09:11 -0400, Dan Sugalski wrote:
At 10:03 PM -0400 4/13/05, Michael Walter wrote:
Each running thread has two sets of privileges -- the active
privileges and the enableable privileges. Active privs are what's
actually in force at the moment, and can be dropped at
At 10:03 PM -0400 4/13/05, Michael Walter wrote:
Dan,
On 4/13/05, Dan Sugalski [EMAIL PROTECTED] wrote:
All security is done on a per-interpreter basis. (really on a
per-thread basis, but since we're one-thread per interpreter it's
essentially the same thing)
Just to get me back on track: Does
On Thu, 2005-04-14 at 09:11, Dan Sugalski wrote:
At 10:03 PM -0400 4/13/05, Michael Walter wrote:
On 4/13/05, Dan Sugalski [EMAIL PROTECTED] wrote:
All security is done on a per-interpreter basis. (really on a
per-thread basis, but since we're one-thread per interpreter it's
At 10:44 AM -0400 4/14/05, Aaron Sherman wrote:
On Thu, 2005-04-14 at 09:11, Dan Sugalski wrote:
At 10:03 PM -0400 4/13/05, Michael Walter wrote:
On 4/13/05, Dan Sugalski [EMAIL PROTECTED] wrote:
All security is done on a per-interpreter basis. (really on a
per-thread basis, but since
Dan Sugalski wrote:
All security is done on a per-interpreter basis. (really on a per-thread
basis, but since we're one-thread per interpreter it's essentially the
same thing)
...
* Number of open files
* IO operations/sec
* IO operations total
...
Can an application get more resources
At 5:51 PM -0400 4/13/05, Aaron Sherman wrote:
On Wed, 2005-04-13 at 17:01, Dan Sugalski wrote:
So here's what I was thinking of for Parrot's security and quota
model. (Note that none of this is actually *implemented* yet...)
[...]
It's actually pretty straightforward, the hard part being the
At 9:51 AM -0700 4/14/05, Dave Whipp wrote:
Dan Sugalski wrote:
All security is done on a per-interpreter basis. (really on a
per-thread basis, but since we're one-thread per interpreter it's
essentially the same thing)
...
* Number of open files
* IO operations/sec
* IO operations
On Thu, 2005-04-14 at 13:22 -0400, Dan Sugalski wrote:
Anyway, a number of people I deeply respect (and who do this sort of
thing for a living, at deep levels) have told me flat-out that we're
better not having a security system than we are trying to roll our
own, and the common response
So here's what I was thinking of for Parrot's security and quota
model. (Note that none of this is actually *implemented* yet...)
All security is done on a per-interpreter basis. (really on a
per-thread basis, but since we're one-thread per interpreter it's
essentially the same thing)
QUOTAs
On Wed, 2005-04-13 at 17:01, Dan Sugalski wrote:
So here's what I was thinking of for Parrot's security and quota
model. (Note that none of this is actually *implemented* yet...)
[...]
It's actually pretty straightforward, the hard part being the whole
don't screw up when implementing thing,
Dan,
On 4/13/05, Dan Sugalski [EMAIL PROTECTED] wrote:
All security is done on a per-interpreter basis. (really on a
per-thread basis, but since we're one-thread per interpreter it's
essentially the same thing)
Just to get me back on track: Does this mean that when you spawn a
thread, a
16 matches
Mail list logo
