[pypy-dev] Security ideas

Jacob Hallén jacob at strakt.com
Wed May 24 14:21:54 CEST 2006


On Wednesday 24 May 2006 13:47, Armin Rigo wrote:
> Hi all,
>
> On Monday I was at an inspiring seminar about (a specific form of)
> language-level security.  I've collected the PyPy-ification of these
> ideas there:
>
> http://codespeak.net/svn/pypy/dist/pypy/doc/discussion/security-ideas.txt
>
> Although the focus is different, it makes me think that we could also
> use similar ideas to implement a form of 'rexec' (restricted execution),
> with functions compiled by secure() as in the draft above, but running
> at a privilege level which is lower than the default ambient level
> instead of higher.

This is quite interesting, but I have some concerns over the scheme presented.
It seems to only take into consideration who gets to see the contents of an 
object. However, real information security is just as often concerned with 
who gets to set or modify the contents of an object. This produces security 
classifications that can't be represented as a linear scale, leading to a 
much more complex infrastructure for determining what classification to give 
to an object that receives it from multiple parents.

Jacob
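
An added illustration of the point above, not part of the original message or of the security-ideas draft: it assumes each object carries a two-part label, one level for who may read it and one for who may modify it. Under that assumption labels are only partially ordered, and a value derived from several parents needs a join rather than a maximum on a single scale. The `Label` class, its level numbers and the sample labels are hypothetical.

```python
from dataclasses import dataclass
from functools import reduce


@dataclass(frozen=True)
class Label:
    secrecy: int    # higher = fewer principals may read the value
    integrity: int  # higher = fewer principals may have written the value

    def flows_to(self, other):
        """True if data labelled `self` may be stored where `other` is required."""
        # Reading must not get easier, and claimed trust must not increase.
        return self.secrecy <= other.secrecy and self.integrity >= other.integrity

    def join(self, other):
        """Least restrictive label that both parents may flow to."""
        return Label(max(self.secrecy, other.secrecy),
                     min(self.integrity, other.integrity))


def classify(parents):
    """Label for an object computed from several parent objects."""
    return reduce(Label.join, parents)


def comparable(a, b):
    """On a linear scale this would always be True; here it is not."""
    return a.flows_to(b) or b.flows_to(a)


# Constructed sample labels (assumed levels, for illustration only).
PAYROLL = Label(secrecy=2, integrity=2)     # secret, written by trusted code
USER_INPUT = Label(secrecy=0, integrity=0)  # public, written by anyone

if __name__ == "__main__":
    derived = classify([PAYROLL, USER_INPUT])
    print("parents comparable:", comparable(PAYROLL, USER_INPUT))
    print("derived label:", derived)
```

The derived label is as secret as the payroll record and as untrusted as the user input, so it equals neither parent and could not be picked by taking the higher of two positions on one scale.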


