develooper Front page | perl.perl6.internals | Postings from November 2002

Re: Draft sketch of bytecode generation

Thread Previous | Thread Next
From:
Dan Sugalski
Date:
November 6, 2002 07:17
Subject:
Re: Draft sketch of bytecode generation
Message ID:
a05111b00b9eedfb76ea9@[63.120.19.221]
At 10:17 PM +0000 10/30/02, Kv Org wrote:
>On Tue, 29 Oct 2002 09:55:23 -0800, Chromatic wrote:
>>
>>I'd really like to be able to save comments from
>>source files as metadata. This has at least two
>>potential benefits.  First, it >makes it much easier
>>to recreate the whole file from bytecode (especially
>>refactored bytecode). 
>>Second, it makes it possible to pull out method
>>documentation in the Smalltalk or Python sense.
>>
>>      Maybe metadata's not the place for this, but it
>>seems rather natural to me.
>
>I always thought metadata in bytecode was the place
>for storing security/permission/capability related
>information about the compiled chunk. If we want Perl6
>and Parrot to handle security and limited code
>sandboxes better than Perl5's Safe.pm, this is a basic
>requirement.

Unfortunately not. (Though I really, *really* wish this was the case) 
The bytecode data, all of it, must be considered completely 
untrustworthy unless explicitly (and out-of-bandly) marked otherwise. 
The code segment that invokes a stronger security context can be 
considered out of band in this context, as it is for the code running 
in the secure

The interpreter engine is responsible for enforcing security. It 
*must*, when running with security turned on, assume that all 
bytecode has been written by malicious vermin with too much time on 
their hands and the morals (and ethics) of a rabid weasel. It just 
can't be trusted, unfortunately. (Parrot bytecode is inherently 
unverifiable as well, at least in the general case, which exacerbates 
the problem)
-- 
                                         Dan

--------------------------------------"it's like this"-------------------
Dan Sugalski                          even samurai
dan@sidhe.org                         have teddy bears and even
                                       teddy bears get drunk

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About