At any rate, perl 5's Safe module is a good example of the Wrong Way to do security, and as such we're going to take it as a cautionary tale rather than a template. For security I want to go with an explicit privilege model with privilege checking in parrot's internals, rather than counting on op functions to Do The Right Thing. That means that IO restrictions are imposed by the IO code, not the IO ops, and suchlike stuff. Generally speaking, we're going to emulate the VMS quota and privilege system, as it's reasonably good as these things go.
If we're going to tackle this, though, we need to pull in some folks who're actually competent at it before we do more than handwave about the design.
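To make the "check in the IO code, not the IO ops" point concrete, here is an added sketch (not Parrot code; `interp_t`, `io_open`, `op_open` and `op_spew` are hypothetical names) in which two ops never check anything themselves and the privilege bits and a VMS-style open quota are enforced at the single IO entry point they both go through:

```c
#include <stdio.h>

/* Constructed privilege model: a bitmask of granted privileges plus a quota. */
typedef enum { PRIV_IO_READ = 1u << 0, PRIV_IO_WRITE = 1u << 1 } priv_t;

typedef struct {
    unsigned privs;       /* privilege bits granted to this interpreter */
    int      open_quota;  /* how many opens this interpreter may perform */
    int      open_count;  /* opens performed so far */
} interp_t;

/* Every file open goes through here, so an op author who forgets to
 * check privileges cannot bypass the policy: the IO layer owns it.
 * Returns 0 on success, -1 if the privilege is missing, -2 if the quota
 * is exhausted. */
int io_open(interp_t *in, const char *path, const char *mode) {
    unsigned need = (mode[0] == 'w') ? PRIV_IO_WRITE : PRIV_IO_READ;
    (void)path;  /* no real file is touched in this sketch */
    if ((in->privs & need) != need)
        return -1;
    if (in->open_count >= in->open_quota)
        return -2;
    in->open_count++;
    return 0;
}

/* Two hypothetical ops. Neither contains a privilege check; they rely on
 * io_open() to enforce the policy for them. */
int op_open(interp_t *in, const char *path) { return io_open(in, path, "r"); }
int op_spew(interp_t *in, const char *path) { return io_open(in, path, "w"); }

int main(void) {
    interp_t in = { PRIV_IO_READ, 1, 0 };  /* read-only, one open allowed */
    printf("read:  %d\n", op_open(&in, "data.txt"));   /* 0  */
    printf("write: %d\n", op_spew(&in, "data.txt"));   /* -1 */
    printf("read:  %d\n", op_open(&in, "data.txt"));   /* -2 */
    return 0;
}
```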
This is a question without a simple answer, but does Parrot provide an infrastructure so that it would be possible to have proof-carrying[1] Parrot bytecode? I'm of course not advocating that we should look into proof-carrying code immediately, but I think it's important to realise that PCC exists, and that Parrot should be forward-compatible with it, if people want to put PCC concepts into Parrot at a later stage.
1. http://www.cs.princeton.edu/sip/projects/pcc/ -- Google around for plenty of other links!
-- % Andre Pang : trust.in.love.to.save