[pypy-dev] Security ideas
Jacob Hallén
jacob at strakt.com
Wed May 24 14:21:54 CEST 2006
On Wednesday 24 May 2006 13:47, Armin Rigo wrote:
> Hi all,
>
> On Monday I was at an inspiring seminar about (a specific form of)
> language-level security. I've collected the PyPy-ification of these
> ideas there:
>
> http://codespeak.net/svn/pypy/dist/pypy/doc/discussion/security-ideas.txt
>
> Although the focus is different, it makes me think that we could also
> use similar ideas to implement a form of 'rexec' (restricted execution),
> with functions compiled by secure() as in the draft above, but running
> at a privilege level which is lower than the default ambient level
> instead of higher.
This is quite interesting, but I have some concerns over the scheme presented.
It seems to only take into consideration who gets to see the contents of an
object. However, real information security is just as often concerned with
who gets to set or modify the contents of an object. This produces security
classifications that can't be represented as a linear scale, leading to a
much more complex infrastructure for determining what classification to give
to an object that receives it from multiple parents.
Jacob
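
An added example, not part of the original message or of the PyPy draft, illustrating the concern raised above. It assumes a two-axis model in which each object carries a secrecy level and an integrity level (the `Label` class, its methods and all level names are hypothetical), and shows that such labels are only partially ordered and that an object derived from two parents can need a label neither parent has.

```python
from dataclasses import dataclass
from functools import reduce

# Constructed levels for illustration (assumption, not from the draft).
PUBLIC, SECRET = 0, 1        # secrecy: clearance needed to read
UNTRUSTED, TRUSTED = 0, 1    # integrity: trust in whoever wrote the value


@dataclass(frozen=True)
class Label:
    """Hypothetical two-axis classification: who may read, who may have written."""
    secrecy: int
    integrity: int

    def flows_to(self, other: "Label") -> bool:
        """True if data labelled `self` may be stored in a slot labelled `other`.

        Along a permitted flow secrecy may only rise and integrity may only fall.
        """
        return self.secrecy <= other.secrecy and self.integrity >= other.integrity

    def join(self, other: "Label") -> "Label":
        """Least restrictive label that both parents may flow into."""
        return Label(max(self.secrecy, other.secrecy),
                     min(self.integrity, other.integrity))


def comparable(a: Label, b: Label) -> bool:
    """On a linear scale every pair is comparable; here some pairs are not."""
    return a.flows_to(b) or b.flows_to(a)


def derive(*parents: Label) -> Label:
    """Label for an object computed from several parent objects."""
    return reduce(Label.join, parents)


# Constructed sample objects.
payroll = Label(SECRET, TRUSTED)      # confidential, written by trusted code
web_form = Label(PUBLIC, UNTRUSTED)   # readable by anyone, writable by anyone
config = Label(PUBLIC, TRUSTED)       # readable by anyone, trusted writers only

if __name__ == "__main__":
    print(comparable(payroll, web_form))  # neither label dominates the other
    print(derive(payroll, web_form))      # a label that neither parent carries
```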