Puzzle: Adding domain-based security to Squeak.
Michael Roberts
mike at mjr104.co.uk
Tue Aug 8 20:29:00 UTC 2006
On 8 Aug 2006, at 10:03, Michael van der Gulik wrote:
> Hi Howard.
>
> I forgot to mention that the reason I'm doing this is to allow
> untrusted foreign code to run in the same image as trusted code.
> Untrusted code must be carefully managed - it must not be able to
> consume large amounts of memory, CPU or disk space to which it is
> not entitled. Untrusted code / objects must not prevent trusted
> code from operating well.
This is not exactly what you asked for, but -
as an experiment why not run your untrusted code in a separate
image? If you were running this on unix then you could limit the
memory given to this separate image - either via say ulimit in the
shell or something fancier (maybe via the os process plugin). You
could then talk to the 'jail' image via remote messaging. It
wouldn't take very long to knock up and it might give you interesting
results early.
As for limiting CPU or disk space that's a bit harder, but there are
various things you could do on Linux to try it out. Run a separate
Squeak image inside User Mode Linux, for example. That would allow
finer control of virtual CPU and disk space.
Cheers,
Mike
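The "jail image under ulimit" setup Mike sketches, as an added shell example that is not part of the original thread: a wrapper that starts any command (the actual Squeak VM command line is left as a placeholder) under address-space and CPU-time limits inherited by everything it spawns, plus a helper to confirm the limits from inside the jail and one to interpret how the jailed process ended. The function names `run_jailed`, `jail_limits` and `jail_status_text` are chosen here.

```shell
#!/bin/sh
# Added example, not code from the Squeak-dev thread. Runs an untrusted
# process under per-process resource limits, as suggested for a separate
# "jail" Squeak image. The VM invocation itself is a placeholder.

# run_jailed MEM_KB CPU_SECONDS COMMAND [ARGS...]
# Caps the address space (RLIMIT_AS, in KB) and CPU time (RLIMIT_CPU, in
# seconds) of COMMAND. Plain `ulimit` sets soft and hard limits together,
# so children inherit the caps and cannot raise them. Returns COMMAND's
# exit status, or 2 if a limit could not be applied.
run_jailed() {
    (
        ulimit -v "$1" && ulimit -t "$2" || exit 2
        shift 2
        exec "$@"
    )
}

# jail_limits MEM_KB CPU_SECONDS
# Prints "MEM_KB CPU_SECONDS" as seen from inside the jail, to check the
# wrapper before trusting it with the real image.
jail_limits() {
    run_jailed "$1" "$2" sh -c 'echo "$(ulimit -v) $(ulimit -t)"'
}

# jail_status_text EXIT_STATUS
# Turns the jailed process's exit status into a log line. Exceeding the
# CPU cap kills the process with SIGXCPU (signal 24), reported by the
# shell as 128+24=152; exhausting the address space normally surfaces as
# the program's own allocation failure with its own status code.
jail_status_text() {
    case $1 in
        0)   echo "ok" ;;
        152) echo "killed: CPU limit exceeded (SIGXCPU)" ;;
        *)   echo "failed with status $1 (possibly out of memory)" ;;
    esac
}

# Demonstration, run only when JAIL_DEMO=1: a shell busy loop stands in
# for a runaway image and is killed by the 1-second CPU cap. Replace the
# loop with the Squeak VM and jail image command line (placeholder).
if [ "${JAIL_DEMO:-0}" = 1 ]; then
    run_jailed 200000 1 sh -c 'while :; do :; done'
    jail_status_text $?
fi
```

Address-space limits set this way count the VM's whole mapping, so size the KB figure from the image's normal footprint rather than its heap alone.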
More information about the Squeak-dev
mailing list