After Parrot, what next?

[Mark 'Kamikaze' Hughes]

Sat, 14 Apr 2001 00:58:24 -0600 in <9b8see$71d$1 at slb6.atl.mindspring.net>,
Andrew Dalke <dalke at acm.org> spake:
>Mark 'Kamikaze' Hughes wrote:
>>In Python
>>programs, there's already a perfectly functional parser, so you can
>>re-use that as the scripting language, if you can trust the user to
>>write safe code.  If you need a sandbox, OTOH, you have to write another
>>language, and you're back to the need for a parser.
>Sometimes rexec is good enough,
>  http://python.sourceforge.net/devel-docs/lib/module-rexec.html
>Doesn't prevent certain types of denial-of-service attacks.

  Unfortunately, memory and CPU are the third and fourth things I worry
about, after files and networking.  rexec is only half the solution.
And then there's all the other things hostile users can do with even the
slightest scripting capability.  It'll drive you mad if you think about
it long enough.

  As I say, though, if you control the environment and can trust the
user (something that only runs on their own machine, f'rinstance),
Python's perfectly suitable for scripting itself even without rexec.

  XML-based scripting languages have yet another vulnerable point,
though - you have to read the entire document to parse it unless you use
a SAX-like parser, but the document could be arbitrarily large.

  "Why are you so paranoid, Mulder?"  "Oh, I don't know.  Maybe it's
because I find it hard to trust anybody." -Scully & Mulder, The X-Files,
"Ascension"

>Does Java have a way to prevent sandboxed code from, say,
>growing through all of memory?

  Nope (well, it'll eventually hit the top of the JVM heap, which may or
may not expand).

-- 
 <a href="http://kuoi.asui.uidaho.edu/~kamikaze/"> Mark Hughes </a>
"I will tell you things that will make you laugh and uncomfortable and really
fucking angry and that no one else is telling you.  What I won't do is bullshit
you.  I'm here for the same thing you are.  The Truth." -Transmetropolitan #39