Re: ASCII Pfiles (was: Color)

From: Daniel A. Koepke (
Date: 01/16/01

On Tue, 16 Jan 2001, George Greer wrote:

> MUD++ used a trimmed version of 'pico' for its work.  We'd probably have
> something similar and put big warning signs around using 'vi' or 'emacs'
> for editng.  The security is a side issue until we actually get to the
> point of detailed design because we don't know how (if) we'd implement it
> and what countermeasures would be available with said method.

Restricted execution, restricted execution, restricted execution.  Any
system that is going to rely on a bunch of small programs kindly
interacting has to have a way for a trusted application to spawn an
untrusted child safely.  That is, build a sandbox for the child to play in
and not be able to do any harm.  I think ptrace() might provide one way to
do this.  I want to be rather guarded with my estimation of the level of
security it could give us.  At the same time, I think it's feasible that,
through sufficient limits on capabilities, you could give someone a
full-blown shell and have a reasonable assurance that they're not doing
anything that will hurt *too* much.  Of course, I wouldn't do it.


   | FAQ: |
   | Archives: |

This archive was generated by hypermail 2b30 : 12/03/01 PST