Hola... I think taint mode should be made reusable somehow, by implementing it in terms of contagious attribution... For example:

    my $string : secret = "password"; # the "secret" attr is
    # contagious, and causes memory to be overwritten before being
    # returned to the OS

    $foo = substr($string, $x, $y); # $foo is also secret

    system("echo", $foo); # fatal - secret data doesn't want to
    # be shared. The role determines how it doesn't want to be used

Another idea is to enforce separation of data sets, a bit like traditional tainting: Data from user a is not allowed to interact with data from user b. Anything A's input touches is now exclusively owned by A, and cannot touch anything that is owned by B.

Perhaps a sane way to do this is to make certain roles say they are contagious, and have them attach themselves in the same way that the taint bit does, to affected strings, or members of the same expression, or whatever.

This could also be useful in debugging. I for one would like to say

    my $var : lexical_data = "blah";

and have data derived from "blah" not be allowed to be used (or even to exist) outside the lexical scope it was created in.

I think a flexible notation of what is disallowed to certain roles is also useful. For example, say I have a hash of sensitive data, I don't ever want tainted data to be usable as keys/values. Perhaps this intolerance of tainting is better defined in a contagious role:

    my %hash : pure; # doesn't like data which is tainted

and perhaps it is better defined by facilities the tainted role provides.

Lastly, maybe more thoughtful people can think up what vaccinating against contagious roles will look like... Like, say we have a filehandle that we allow writing secret data to.

-- 
 ()  Yuval Kogman <[EMAIL PROTECTED]> 0xEBD27418  perl hacker &
 /\  kung foo master: /me climbs a brick wall with his fingers: neeyah!
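
A small Python model of the semantics proposed in the message above, added here as an illustration and not part of the original post: labels spread through substring and concatenation, sinks refuse labels they were not told to accept, data from two owners may not meet, and a "pure" hash rejects tainted data. The names `Labeled`, `merge`, `sink`, `PureDict` and `refused` are hypothetical; memory scrubbing and lexical confinement are not modelled.

```python
class PolicyError(Exception):
    """Raised when labelled data is used in a way its labels forbid."""

def merge(*values):
    """Union the labels of all operands; two different owners may not meet."""
    labels = frozenset().union(*(getattr(v, "labels", ()) for v in values))
    owners = sorted(l for l in labels if l.startswith("owner:"))
    if len(owners) > 1:
        raise PolicyError(f"data sets may not interact: {owners}")
    return labels

class Labeled(str):
    """A string carrying contagious labels (stand-in for `: secret`)."""
    def __new__(cls, value, labels=()):
        self = super().__new__(cls, value)
        self.labels = frozenset(labels)
        return self
    def __getitem__(self, key):        # substr: the slice inherits the labels
        return Labeled(super().__getitem__(key), self.labels)
    def __add__(self, other):          # labelled + anything
        return Labeled(str(self) + str(other), merge(self, other))
    def __radd__(self, other):         # plain str + labelled
        return Labeled(str(other) + str(self), merge(other, self))

def sink(value, allowed=frozenset()):
    """Hand data to the outside world; any label not in `allowed` is fatal.
    Passing allowed={"secret"} models a "vaccinated" filehandle."""
    bad = merge(value) - frozenset(allowed)
    if bad:
        raise PolicyError(f"sink refuses labels: {sorted(bad)}")
    return str(value)

class PureDict(dict):
    """Stand-in for `my %hash : pure`: rejects tainted keys and values."""
    def __setitem__(self, key, value):
        if "tainted" in merge(key, value):
            raise PolicyError("pure hash refuses tainted data")
        super().__setitem__(key, value)

def refused(action):
    """Run action(); return the PolicyError message, or None if allowed."""
    try:
        action()
    except PolicyError as exc:
        return str(exc)
    return None

if __name__ == "__main__":
    foo = Labeled("password", {"secret"})[0:4]      # constructed sample value
    print(sorted(foo.labels), refused(lambda: sink(foo)))
```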